Authentication
You'll need to authenticate your requests to access any of the endpoints in the Cari Finance API. In this guide, we'll look at how authentication works. Cari Finance offers API key authentication for your API requests.
API Key Authentication
Cari Finance uses API keys to authenticate requests. Your API keys carry many privileges, so be sure to keep them secure. Do not share your API keys in publicly accessible areas such as GitHub, client-side code, etc.
API keys are available in both live and test environments through the Developers Dashboard.
Key Types and Environments
All API keys start with a prefix that indicates both the key type and the environment:
- Live Environment: Use keys starting with pk_live_ for public access and sk_live_ for secret access.
- Test Environment: Use keys starting with pk_test_ for public access and sk_test_ for secret access.
The environment is automatically determined from the key prefix - there's no need to specify it separately.
Using API Keys
Authentication is performed by including your API key in the Authorization header of your HTTP requests, using the Bearer token scheme:
Example request with API key
curl https://api.cari.finance/charges \
-H "Authorization: Bearer pk_test_27436257e3fe4b0fa266f4a6f59047a3"
Test vs. Live Keys
- Test Mode: Use test keys (pk_test_ and sk_test_) when developing or testing your integration. Test keys create transactions in a safe, sandboxed environment that doesn't affect real payment methods or accounts.
- Live Mode: Use live keys (pk_live_ and sk_live_) only when you're ready to process real transactions with real payment methods.
Always ensure you're using the correct key for your current stage of development. Test mode allows you to simulate various payment scenarios without real money movement.
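Because the prefix encodes both key type and environment, it can be checked mechanically. The following is an added example, not part of the Cari Finance documentation or SDKs: a pre-commit style scanner for hard-coded keys plus a startup guard that rejects a key from the wrong environment. The function names, the 32-hex-character suffix pattern (inferred from the sample key above) and the sample input are assumptions.

```python
import re
from typing import NamedTuple

# Assumption: the suffix is 32 lowercase hex characters, as in the page's sample key.
KEY_RE = re.compile(r"\b(pk|sk)_(live|test)_([0-9a-f]{32})\b")

class Finding(NamedTuple):
    line_no: int
    access: str       # "public" or "secret"
    environment: str  # "live" or "test"
    redacted: str     # prefix plus last four characters only

def classify(key: str) -> tuple[str, str]:
    """Return (access, environment) from the key prefix, or raise ValueError."""
    m = KEY_RE.fullmatch(key)
    if not m:
        raise ValueError("not a recognised Cari Finance key format")
    return ("secret" if m.group(1) == "sk" else "public", m.group(2))

def scan(text: str) -> list[Finding]:
    """Find hard-coded keys in text without echoing the full key."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in KEY_RE.finditer(line):
            access, env = classify(m.group(0))
            redacted = f"{m.group(1)}_{m.group(2)}_...{m.group(3)[-4:]}"
            findings.append(Finding(line_no, access, env, redacted))
    return findings

def require_environment(key: str, expected: str) -> str:
    """Fail closed if a key's environment does not match the deployment stage."""
    _, env = classify(key)
    if env != expected:
        raise RuntimeError(f"{env} key supplied where {expected} key is required")
    return key

# Constructed sample input; both keys are made up for this example.
SAMPLE = '''\
const apiKey = "sk_live_0123456789abcdef0123456789abcdef";
curl -H "Authorization: Bearer pk_test_00000000000000000000000000000000"
API_KEY = os.environ["CARI_API_KEY"]
'''

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Run scan() over staged files in a pre-commit hook or CI job, and call require_environment() once at service startup on the key loaded from your secret store.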
Using an SDK
If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access token from the Cari Finance dashboard under API settings, and the client library will take care of the rest.