Skip to main content
PayPulse uses two authentication methods depending on the endpoint.

API Key authentication

Pass your API key in the X-Api-Key header:
curl https://api.paypulse.cv/api/v1/plans \
  -H "X-Api-Key: pp_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
API keys are project-scoped. Each key belongs to one project and grants access to that project’s data (plans, customers, subscriptions, invoices, etc.).

Key formats

PrefixEnvironmentUsage
pp_test_TestDevelopment and testing
pp_live_ProductionLive transactions
Test keys never process real payments. Always use test keys during development.

JWT authentication

Some endpoints (merchant management, API key creation) require a JWT token:
curl https://api.paypulse.cv/api/v1/merchants/me \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..."
Get a token via the login endpoint.

Dual-auth endpoints

Some endpoints accept both API key and JWT. These routes tie a project to a merchant for additional security:
EndpointAuth method
POST /webhooksAPI key + JWT
GET /webhooksAPI key + JWT
DELETE /webhooks/{id}API key + JWT
POST /cancellation-policiesAPI key + JWT
GET /cancellation-policiesAPI key + JWT
For these, pass both headers:
curl -X POST https://api.paypulse.cv/api/v1/webhooks \
  -H "X-Api-Key: pp_test_xxxx" \
  -H "Authorization: Bearer eyJhbGci..."

Error responses

StatusMeaning
401Missing or invalid authentication
403Key is inactive or lacks access to the resource
{
  "detail": "Invalid API key"
}