Authentication
4pay.online supports two authentication methods for partner API access.
Method 1 — API Key (recommended)
Pass your API key in the x-api-key request header. This is the simplest and most common method for server-to-server integrations.
curl https://4pay.online/api/v1/transactions \
-H "x-api-key: pk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Where to find your API key:
- Log in to Partner Area
- Go to Settings → API Keys
- Click Create Key — copy the value immediately, it is shown only once
Keep your API key secret
Store API keys in environment variables. Never commit them to source control or include them in client-side code.
Method 2 — Bearer Token (session-based)
For interactive applications, you can authenticate with a login/password to obtain a Bearer token.
Create a session
curl -X POST https://4pay.online/api/v1/session \
-H "Content-Type: application/json" \
-d '{
"type": "partner",
"login": "your-login",
"password": "your-password"
}'
Response:
{
"token": "eyJhbGci...",
"refresh_token": "1acdd2f3-299a-4213-a2df-39b6fae4d165",
"expires_at": "2026-03-01T22:00:00Z"
}
Use the token
curl https://4pay.online/api/v1/transactions \
-H "Authorization: Bearer eyJhbGci..."
Refresh a session
curl -X PUT https://4pay.online/api/v1/session \
-H "Content-Type: application/json" \
-d '{
"refresh_token": "1acdd2f3-299a-4213-a2df-39b6fae4d165"
}'
End a session
curl -X DELETE https://4pay.online/api/v1/session \
-H "Authorization: Bearer eyJhbGci..."
Comparison
| API Key | Bearer Token | |
|---|---|---|
| Setup | One-time, no expiry | Login required each session |
| Best for | Server-to-server integrations | Interactive / dashboard apps |
| Header | x-api-key: YOUR_KEY | Authorization: Bearer TOKEN |
| Revocation | Delete key in Partner Area | DELETE /session or key expiry |
HTTP Response Codes
| Code | Meaning |
|---|---|
200 | Success |
201 | Resource created |
401 | Unauthorized — missing or invalid credentials |
403 | Forbidden — valid credentials but insufficient permissions |
422 | Validation error — check the errors field in the response |
429 | Rate limited — slow down requests |
500 | Internal server error — contact support |