Authentication

FinovoPay uses **Bearer Token** authentication to secure API requests. Your Secret Key acts as a unique identifier for your merchant account and must be included in the header of every request made to our servers.

Security Requirement

**Never** share your Secret Key or commit it to version control systems like GitHub. Authentication must always be performed from your **server-side** code. Client-side authentication (e.g., via JavaScript in a browser) will expose your keys and lead to account compromise.

The Authorization Header

All API requests must include the Authorization header. Its value is the word Bearer, a space, and then your Secret Key.

| Key | Value |
| --- | --- |
| Authorization | Bearer YOUR_SECRET_KEY |

Authentication Example

cURL Request
curl -X POST https://merchant.finovopay.com/v1/index.php \
  -H "Authorization: Bearer YOUR_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "action": "get_balance"
  }'

Valid Token

If the token is valid, the server returns a 200 OK response with the requested data.

Invalid Token

If the token is missing or incorrect, the server returns 401 Unauthorized.
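
The same get_balance request as a server-side shell sketch that reads the key from the environment and handles the 200 and 401 responses described above. This is an added example, not FinovoPay code; the `FINOVOPAY_SECRET_KEY` variable name, the `finovo_*` function names and the allowed key character set are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not FinovoPay code. FINOVOPAY_SECRET_KEY and the finovo_*
# function names are assumptions made for this sketch.

API_URL="https://merchant.finovopay.com/v1/index.php"  # endpoint from the page

# Print a curl config carrying the auth header. Piping it to `curl --config -`
# keeps the key out of curl's argv, so it does not appear in process listings.
finovo_curl_config() {
  if [ -z "${FINOVOPAY_SECRET_KEY:-}" ]; then
    echo "FINOVOPAY_SECRET_KEY is not set" >&2
    return 1
  fi
  # Assumption: keys use only RFC 6750 b64token characters. Anything else
  # (quotes, whitespace, CR/LF) could break the config line or inject a header.
  case "$FINOVOPAY_SECRET_KEY" in
    *[!A-Za-z0-9._~+/=-]*) echo "key has unexpected characters" >&2; return 1 ;;
  esac
  printf 'header = "Authorization: Bearer %s"\n' "$FINOVOPAY_SECRET_KEY"
  printf 'header = "Content-Type: application/json"\n'
}

# Map the two documented status codes (and anything else) to an exit status.
finovo_check_status() {
  case "$1" in
    200) return 0 ;;
    401) echo "401 Unauthorized: key missing or incorrect" >&2; return 2 ;;
    *)   echo "unexpected HTTP status: $1" >&2; return 3 ;;
  esac
}

# POST the get_balance action from the page; print the body only on 200.
finovo_get_balance() {
  local cfg body status rc=0
  cfg=$(finovo_curl_config) || return 1
  body=$(mktemp) || return 1
  status=$(printf '%s\n' "$cfg" | curl --silent --config - --request POST \
    --data '{"action": "get_balance"}' --output "$body" \
    --write-out '%{http_code}' "$API_URL")
  finovo_check_status "$status" || rc=$?
  if [ "$rc" -eq 0 ]; then cat "$body"; fi
  rm -f "$body"
  return "$rc"
}
```

Source the file from a server-side job with the key injected by your secret store, then call `finovo_get_balance`; a non-zero exit status distinguishes a rejected key (2) from any other failure (3).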