General

ChargeAfter API uses bearer authentication. Bearer authentication gives access to the “bearer of the token” and must be sent in the Authorization header of HTTP call.

Security scheme type: Bearer
Header parameter name: Authorization
Token: private apiKey
Example: "Authorization: Bearer 503b453d34e90de75e0f83749e293ab1e524b6a5"

If you do not include your apiKey when making an API request, or use an incorrect or outdated one, ChargeAfter returns a 401 - Unauthorized HTTP response code.

API Keys

Every account has a total of four keys: A public and a private key for test mode, and a public and private key for live mode

Public API key can be publicly accessible in the client side code. It is used for authorizing SDK calls that come from a merchant's client side.

Private API key must be secret and stored securely in the server side of a merchant. It is used to perform any API request without restriction.

The API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.