API Key Authentication

Every request to the ALPPAY Merchant API must include your account-level API key for basic identification.

1. API-KEY Header

Header Name: API-KEY
Value Format: your API key string (e.g. ak_live_1234567890abcdef)

Accessing Your API Key

You can view your API keys in the ALPPAY account settings: https://account.alppay.io/en/profile/settings/account

API Key Settings

2. Example with cURL

curl --location 'https://api.alppay.io/v2/payment/{{paymentId}}' \
--header 'Content-Type: application/json' \
--header 'API-KEY: your_api_key_example' \

3. Troubleshooting & Errors

401 Unauthorized: invalid or expired API key.
403 Forbidden: your key does not have access to this resource.
Tips:
- Double-check header spelling and key value.
- Rotate your key in the dashboard if you suspect compromise.
- For payload integrity, pair with HMAC signature (see "Authentication → HMAC Signature").

Up next

HMAC Signature Authentication

Secure your API requests with HMAC-SHA256 signatures for data integrity and authentication.