Authentication
All API requests must be authenticated using an API key.
Bearer Token
Include your API key in the Authorization header:
curl https://api.ikawaari.com/v1/payment-intents \
-H "Authorization: Bearer ik_test_your_key_here"
Environments
| Key Prefix | Environment | Base URL |
|---|---|---|
ik_test_ | Sandbox | https://api.ikawaari.com/v1/ |
ik_live_ | Live | https://api.ikawaari.com/v1/ |
The environment is determined by the API key used, not the URL.
Dashboard Authentication
The merchant dashboard uses JWT-based authentication with optional two-factor authentication (TOTP).
Security Best Practices
- Never expose API keys in client-side code, Git repositories, or logs
- Use environment variables to store API keys
- Restrict key scopes to the minimum required permissions
- Rotate keys regularly and revoke unused keys
- Use IP whitelisting for production keys when possible