API Keys
Acclaim provides two types of keys:
Secret keys allow full access to your account and must never be exposed in client code, logs, or version control.
Authorization Header
Include your secret API key as a Bearer token in theAuthorization header when making requests:
Text
Environment
The same API endpoint is used for both sandbox and production requests:Text
sk_test_, while live keys begin with sk_live_.
Example
cURL
Best Practices
- Rotate API keys periodically.
- Limit key permissions to only what’s required.
- Revoke unused keys immediately.
- Never embed secret keys in client-side or mobile applications.