Skip to main content

Authentication

4pay.online supports two authentication methods for partner API access.


Pass your API key in the x-api-key request header. This is the simplest and most common method for server-to-server integrations.

curl https://4pay.online/api/v1/transactions \
-H "x-api-key: pk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Where to find your API key:

  1. Log in to Partner Area
  2. Go to Settings → API Keys
  3. Click Create Key — copy the value immediately, it is shown only once
Keep your API key secret

Store API keys in environment variables. Never commit them to source control or include them in client-side code.


Method 2 — Bearer Token (session-based)

For interactive applications, you can authenticate with a login/password to obtain a Bearer token.

Create a session

curl -X POST https://4pay.online/api/v1/session \
-H "Content-Type: application/json" \
-d '{
"type": "partner",
"login": "your-login",
"password": "your-password"
}'

Response:

{
"token": "eyJhbGci...",
"refresh_token": "1acdd2f3-299a-4213-a2df-39b6fae4d165",
"expires_at": "2026-03-01T22:00:00Z"
}

Use the token

curl https://4pay.online/api/v1/transactions \
-H "Authorization: Bearer eyJhbGci..."

Refresh a session

curl -X PUT https://4pay.online/api/v1/session \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "1acdd2f3-299a-4213-a2df-39b6fae4d165"
}'

End a session

curl -X DELETE https://4pay.online/api/v1/session \
-H "Authorization: Bearer eyJhbGci..."

Comparison

API KeyBearer Token
SetupOne-time, no expiryLogin required each session
Best forServer-to-server integrationsInteractive / dashboard apps
Headerx-api-key: YOUR_KEYAuthorization: Bearer TOKEN
RevocationDelete key in Partner AreaDELETE /session or key expiry

HTTP Response Codes

CodeMeaning
200Success
201Resource created
401Unauthorized — missing or invalid credentials
403Forbidden — valid credentials but insufficient permissions
422Validation error — check the errors field in the response
429Rate limited — slow down requests
500Internal server error — contact support