Hakuna uses API keys to authenticate all requests, and authentication is handled via Bearer Authentication.

When you make an API request, you'll need to pass either your sandbox secret key or your live secret key in the HTTP Authorization header. Which key you use depends on the environment you're using.

curl<ENDPOINT> \
  -H "Authorization: Bearer <API_KEY>"

If you do not enter a valid API key in your request, you will get a 401 response (unauthorized).

Getting your API keys

You can view and manage your API keys for both the production and sandbox environments in the Hakuna merchant console.

Get access to the Hakuna merchant console Once your merchant console account has been created, you'll get an email with a temporary password. Click the link in the email to set a new password and complete your account setup. If you have not yet received an email, please let us know.

Please be aware that any changes made to existing API keys will take effect immediately and could cause unintended side effects.

Managing your API keys

Your API keys carry many privileges, so it is important to keep them private and secure. They should live primarily in your backend, and should never be exposed on your frontend.

Do not hardcode or share your API keys (particularly in your source version control system).

Last updated