Authorization header.
Charge uses API keys to authenticate requests. You can create and manage your API keys in the Charge Dashboard.
Test mode secret keys start with ch_sk_test_. Live mode secret keys start with ch_sk_live_.
Your secret key gives access to your Charge account, so keep it secure. Do not share it, do not expose it in client-side code, and do not commit it to source control. If a key is ever exposed, rotate it immediately and update the systems that send Charge requests.
Charge uses Bearer authentication, which means your API key is sent in the Authorization header using the Bearer scheme. Send that header on every request.
All API requests must be made over HTTPS. Requests sent over plain HTTP fail, and requests without authentication fail as well. When authentication fails, Charge returns the standard error object with a 401 status and an authentication_error type.
Header format
| Header | Format | Description |
|---|---|---|
Authorization: Bearer <secret_key> | Secret key | Secret API key passed in the Authorization header using the Bearer scheme. |