Before proceeding with authentication, make sure you’ve completed the Quickstart guide and set up your Webhooks.
Authentication Headers
Authenticate your API calls by including your gateway key in theAuthorization header of every request you make to the payment endpoints.
Generally, we provide both test and live keys. test keys are meant to be used from your sandbox when integrating Juice API. The live keys, however, are to be kept secret.
Both test and live keys have the format: live_myusdguyheiuwX746bagbedjyqg, but sandbox keys will not be the same as the production keys.
Authorization headers should be in the following format: Authorization: API_KEY
Sample Authorization Header
API requests made without authentication will fail with the status code
401: Unauthorized. See our Errors page for details on handling authentication errors. All API requests must be made over HTTPS.API Key Management
Key Types
- Test Keys: Used in the sandbox environment for integration testing
- Live Keys: Used in production for processing real transactions
- Restricted Keys: Limited-scope keys for specific operations (coming soon)
Key Security Best Practices
Never commit your API keys to git repositories or expose them in client-side code. Your live production key must be kept secure at all times.
- Environment Variables: Store API keys as environment variables rather than hardcoding them
- Secure Configuration: Use secure configuration management services in production
- Key Rotation: Implement a regular key rotation schedule
- Rotate keys every 90 days
- Generate new keys before deactivating old ones
- Update all systems using the keys during maintenance windows
Keep old keys active for a short overlap period (maximum 24 hours) during transition to prevent service disruption.
Next Steps
- Read about Error Handling to properly handle authentication errors
- Explore the Payment APIs to start processing transactions
- Set up your production environment with live keys