1. Getting started
Casharc
  • API
    • Merchant
      • Getting started
        • Introduction
        • Authentication
        • Quickstart
      • Сore сoncepts
        • Statuses
        • Reason Codes
      • Balance
        • Balance
      • Payment
        • Payment
        • Payment Detail
        • Payment Refund
        • Payment Cancel
        • Payments List
      • Payout
        • Payout
        • Payout Detail
        • Payout Cancel
      • Appeal
        • Appeal
        • Appeal Detail
        • Appeal Cancel
      • Webhook
        • On Status Change
  1. Getting started

Authentication

Casharc authenticates API requests using a public/secret key pair issued per project. Every request must include both keys as headers, and must originate from an allow-listed IP address.

API keys#

Create an API key in your project settings. On creation you receive:
Public key — identifies your project. Safe to store on your side.
Secret key — authenticates the request. Shown only once, at creation time, and never stored by Casharc in plain text. If you lose it, rotate the key and update your integration.
Keep your secret key server-side. Never expose it in client-side code or commit it to source control.

Authenticating a request#

Pass both keys as headers on every request:
X-Public-Key: your_public_key
X-Secret-Key: your_secret_key
Example:

IP allow-listing#

Each API key is restricted to a set of allow-listed IP addresses. Requests from any other address are rejected, even with valid keys. Add the IP addresses of your servers to the key's allow-list in your project settings.

Permissions#

Each API key carries a set of permissions that control which endpoints it may call (for example, creating payments versus only reading them). Grant a key the minimum permissions its integration needs.
Previous
Introduction
Next
Quickstart
Built with