# Authentication

Learn how to authenticate your API requests to HivePay.

# API Keys

HivePay uses API keys to authenticate requests. Your API key is generated during merchant registration and grants access to:

Create and manage payment sessions
View payment history and details
Update merchant settings
Configure webhooks

# Using Your API Key

Include your API key in the Authorization header of every API request:

import { HivePay } from '@hivepay/client';

const hivepay = new HivePay({
  apiKey: 'sk_live_xxxxxxxxxxxxx'
});

// All subsequent requests are authenticated
const payment = await hivepay.payments.create({
  amount: '10000',
  currency: 'HIVE',
  description: 'Order #123'
});

curl https://hivepay.me/api/public/payments \
  -H "Authorization: Bearer sk_live_xxxxxxxxxxxxx"

const response = await fetch('https://hivepay.me/api/public/payments', {
  headers: {
    'Authorization': 'Bearer sk_live_xxxxxxxxxxxxx',
    'Content-Type': 'application/json'
  }
});

# API Key Format

HivePay API keys follow this format:

sk_live_xxxxxxxxxxxxx

sk_ - Indicates a secret key
live_ - Environment identifier
xxxxxxxxxxxxx - Unique identifier

# Security Best Practices

# Do

Store API keys in environment variables, not in code
Use secrets management systems in production
Rotate keys if you suspect they've been compromised
Use separate keys for development and production (when available)

# Don't

Commit API keys to version control
Share API keys in public forums or code snippets
Include API keys in client-side JavaScript
Log API keys or include them in error messages

# Environment Variables

Store your API key in environment variables:

// .env file
HIVEPAY_API_KEY=sk_live_xxxxxxxxxxxxx

// Application code
import { HivePay } from '@hivepay/client';

const hivepay = new HivePay({
  apiKey: process.env.HIVEPAY_API_KEY
});

export HIVEPAY_API_KEY=sk_live_xxxxxxxxxxxxx

# Lost API Key

If you lose your API key, you cannot retrieve it. Contact support to:

Deactivate your existing key
Generate a new API key

When a new key is generated, your old key becomes invalid immediately. Update your application with the new key before deactivating the old one.

# Authentication Errors

Status Code	Error Code	Description
401	`AUTHENTICATION_ERROR`	Missing or invalid API key
403	`FORBIDDEN_ERROR`	Valid key but insufficient permissions

import { isHivePayError } from '@hivepay/client';

try {
  await hivepay.payments.create({ ... });
} catch (error) {
  if (isHivePayError(error) && error.isAuthError()) {
    console.error('Invalid or missing API key');
  }
}