Learn how to authenticate with the Acclaim API. This guide explains secret and publishable keys, sandbox vs. production environments, and best practices for secure API access.
All requests to the Acclaim API require authentication using an API key. API keys are used to identify and authorize requests made by your organization.
You can create and manage your API keys in the Acclaim Console under Settings → API Keys.
API Keys
Acclaim provides two types of keys:
| Type | Usage | Example |
|---|---|---|
| Secret key | Used for server-side API requests. Must be kept private. | sk_live_ABC123... |
| Publishable key | Used in client-side integrations (for example, embeddable payee forms). | pk_live_DEF456... |
Secret keys allow full access to your account and must never be exposed in client code, logs, or version control.
Authorization Header
Include your secret API key as a Bearer token in the Authorization header when making requests:
Authorization: Bearer sk_live_ABC123Environment
The same API endpoint is used for both sandbox and production requests:
https://api.withacclaim.com/v1Sandbox and production environments are isolated by key — sandbox keys begin with sk_test_, while live keys begin with sk_live_.
Example
curl https://api.withacclaim.com/v1/wallets \
-H "Authorization: Bearer sk_test_12345" \
-H "Content-Type: application/json"Best Practices
- Rotate API keys periodically.
- Limit key permissions to only what’s required.
- Revoke unused keys immediately.
- Never embed secret keys in client-side or mobile applications.