API Keys

MekaPayGroup provides two types of API keys that are required to authenticate your requests:

• Public Key: Used to identify your account in client-side or public requests.
• Secret Key: Used for secure server-to-server communication. This key must be kept confidential and never exposed publicly.

X-PUBLIC-KEY: YOUR_PUBLIC_API_KEY
X-SECRET-KEY: YOUR_SECRET_API_KEY

How to Get Your API Keys

You can generate and manage your API keys from the MekaPayGroup dashboard:

• Log in to your merchant dashboard
• Navigate to the Developer or API section
• Generate your Public and Secret keys
• Store them securely

Example Authenticated Request

Include your API keys in the request headers when making API calls:

curl --location 'https://api.mekapaygroup.com/api/sessions/payments/create' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'X-PUBLIC-KEY: YOUR_PUBLIC_API_KEY' \
--header 'X-SECRET-KEY: YOUR_SECRET_API_KEY' \
--data-raw '{
  "amount": 1000,
  "currency": "KES"
}'

Security Best Practices

• Never expose your Secret Key in frontend or client-side code
• Always store API keys in environment variables
• Rotate your API keys periodically for enhanced security
• Use HTTPS for all API requests to protect data in transit

Authentication Errors

If authentication fails, the API will return an error response. Common causes include missing or invalid API keys.

{
  "status": "error",
  "message": "Invalid API credentials"
}