Before proceeding with authentication, make sure you’ve completed the Quickstart guide and set up your Webhooks.

Authentication Headers

Authenticate your API calls by including your gateway key in the Authorization header of every request you make to the payment endpoints. Generally, we provide both test and live keys. test keys are meant to be used from your sandbox when integrating Juice API. The live keys, however, are to be kept secret. Both test and live keys have the format: live_myusdguyheiuwX746bagbedjyqg, but sandbox keys will not be the same as the production keys. Authorization headers should be in the following format: Authorization: API_KEY Sample Authorization Header 
Authorization: test_r3m3mb3r2pu70nasm1l3
API requests made without authentication will fail with the status code 401: Unauthorized. See our Errors page for details on handling authentication errors. All API requests must be made over HTTPS.

API Key Management

Key Types

  • Test Keys: Used in the sandbox environment for integration testing
  • Live Keys: Used in production for processing real transactions
  • Restricted Keys: Limited-scope keys for specific operations (coming soon)

Key Security Best Practices

Never commit your API keys to git repositories or expose them in client-side code. Your live production key must be kept secure at all times.
  1. Environment Variables: Store API keys as environment variables rather than hardcoding them
# .env file
JUICE_API_KEY=live_myusdguyheiuwX746bagbedjyqg
  1. Secure Configuration: Use secure configuration management services in production
// Node.js example using environment variables
const apiKey = process.env.JUICE_API_KEY;
  1. Key Rotation: Implement a regular key rotation schedule
    • Rotate keys every 90 days
    • Generate new keys before deactivating old ones
    • Update all systems using the keys during maintenance windows
Keep old keys active for a short overlap period (maximum 24 hours) during transition to prevent service disruption.

Next Steps

  • Read about Error Handling to properly handle authentication errors
  • Explore the Payment APIs to start processing transactions
  • Set up your production environment with live keys