Skip to main content

Authentication

The Zip API uses API keys to authenticate requests. You can view and manage your API keys in the Developers Dashboard.

Note that API keys are live and test mode specific. A test mode API key will only return test mode data and vice versa.

warning

Be sure to keep your API keys secure! Do not share your API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

To authenticate requests, API keys must be included in the Authorization header using Basic Auth. The API key is the username and the password is an empty string.

Authenticated request
curl https://api.zip.ph/v2/charges \
  -u sk_test_4eC39...jtT1zdp7dc:
# The colon prevents curl from asking for a password.

Unauthenticated requests will fail with a 401 Unauthorized response.