How to authenticate with the KOMOJU API

KOMOJU offers merchants two types of API keys: secret and publishable. These keys are necessary for making API requests, and you can find them in the settings page of your merchant account. Each merchant account will have a pair of keys for both live and test environments.

API requests are authenticated through HTTP Basic Authentication. To authenticate, use your API key as the username and leave the password field empty. For example:

curl -u secret_key: ""

Secret Key

The secret key grants access to all API resources. It is crucial to store this key securely, as it has the potential to execute any action on your account. Make sure to keep your secret key on your server-side and never expose it to client-side applications.

Publishable Key

Unlike secret keys, publishable keys can interact with a limited selection of API resources. It is safe to expose your publishable key publicly, as it cannot cause any damage.

The following actions can be performed using the publishable key: