Authentication

All API requests are authenticated using API keys passed in the Authorization header.

Environments

Synapto has two environments. Your API key works in the environment it was created in.

Environment   Base URL                               Dashboard
Sandbox       https://api.synapto.construction/v1/   dashboard.synapto.construction
Production    https://api.synaptopay.com/v1/         dashboard.synaptopay.com

The JS SDK script URL also differs by environment:

Environment   Script URL
Sandbox       https://js.synapto.construction/synapto.js
Production    https://js.synaptopay.com/synapto.js

Getting your API key

  1. Log in to the Dashboard
  2. Go to Settings > Developer
  3. Click Create API Key, give it a name, and copy the secret

The secret is only shown once — store it securely. If you lose it, you can rotate the key to generate a new secret.

Finding your account ID

Your account ID is visible in the Dashboard URL:

https://dashboard.synaptopay.com/accounts/acct_RwDJsJd8z0exhtfX2570Q/...
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^

It's also shown in the account selector dropdown at the top of the Dashboard.

API key format

All API keys use the sk_live_ prefix, in both sandbox and production:

sk_live_ToQZ8KP8PipS0l1U3uzNyh

The sk_live_ prefix is the same in both environments. Which environment you're using is determined by the base URL, not the key prefix.

Making authenticated requests

Pass your API key in the Authorization header with the Api-Key prefix:

curl https://api.synaptopay.com/v1/accounts/acct_YOUR_ACCOUNT \
  -H "Authorization: Api-Key sk_live_YOUR_API_KEY"

Error responses

Missing API key

If the Authorization header is not provided:

HTTP/1.1 403 Forbidden
{
  "message": "Please provide your api key to authenticate via the \"Api-Key\" header.",
  "code": 7
}

Invalid API key

If the API key is not recognized or is inactive:

HTTP/1.1 403 Forbidden
{
  "message": "Unknown api key \"sk_live_...\" provided in \"Api-Key\" header, please ensure the api key is correct and active.",
  "code": 7
}

Malformed Authorization header

If the header value doesn't follow the Api-Key <key> format:

HTTP/1.1 401 Unauthorized
{
  "message": "Malformed Authorization header, please use values like \"Api-Key sk_live_ToQZ8KP8PipS0l1U3uzNyh\".",
  "code": 16
}
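
The following Python helper is an added example, not part of Synapto's documentation or SDK. It selects the base URL from an explicit environment name (the key prefix cannot tell the environments apart), builds the Authorization header, and classifies the three error responses above while masking key material before it is logged. The function names and the pattern for the key body are assumptions.

```python
import json
import re

# Base URLs from the Environments table on this page.
BASE_URLS = {
    "sandbox": "https://api.synapto.construction/v1/",
    "production": "https://api.synaptopay.com/v1/",
}
# Assumed key shape: the page documents only the sk_live_ prefix; the
# alphanumeric body is inferred from its sample key.
KEY_RE = re.compile(r"sk_live_[A-Za-z0-9]+")


def build_request(environment, api_key, path):
    """Return (url, headers) for an authenticated call, failing closed."""
    if environment not in BASE_URLS:
        raise ValueError(f"unknown environment: {environment!r}")
    api_key = api_key.strip()  # a trailing newline from a secrets file breaks the header
    if not KEY_RE.fullmatch(api_key):
        raise ValueError("API key does not look like sk_live_<secret>")
    url = BASE_URLS[environment].rstrip("/") + "/" + path.lstrip("/")
    return url, {"Authorization": f"Api-Key {api_key}"}


def redact(text):
    """Mask key material before text reaches logs or error trackers."""
    return KEY_RE.sub("sk_live_[REDACTED]", text)


def classify_auth_error(status, body):
    """Map the documented error responses to a label plus a log-safe message."""
    payload = json.loads(body)
    code, message = payload.get("code"), redact(payload.get("message") or "")
    if status == 401 and code == 16:
        return "malformed_header", message
    if status == 403 and code == 7:
        # Missing and unknown keys share status 403 and code 7; the message
        # text is the only discriminator the page documents. For an unknown
        # key, check first that the base URL matches the key's environment.
        kind = "unknown_key" if message.startswith("Unknown api key") else "missing_key"
        return kind, message
    return "other", message
```
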