Guides
Authentication

Authentication

All API requests to PayVanta must be authenticated using Base64 encoded API credentials. This ensures secure access to your account and its resources.

Getting API Credentials

  1. Log in to your PayVanta dashboard
  2. Navigate to Settings > API Keys
  3. Generate a new API key pair
  4. Store your credentials securely

Dev Settings Location

Authentication Method

To authenticate your requests:

  1. Combine your API key and secret with a colon: api_key:api_secret
  2. Encode the combined string in Base64
  3. Add the encoded string as a Bearer token in the Authorization header

Example

# Original credentials
api_key:api_secret
 
# After Base64 encoding
YXBpX2tleTphcGlfc2VjcmV0
 
# Final Authorization header
Authorization: Bearer YXBpX2tleTphcGlfc2VjcmV0

Implementation Examples

cURL

curl -X POST https://api.payvanta.in/v1/endpoint \
  -H "Authorization: Basic ${BASE64_ENCODED_CREDENTIALS}" \
  -H "Content-Type: application/json" \
  -d '{"key": "value"}'

Python

import requests
import base64
 
# Generate Bearer token
api_key = "your_api_key"
api_secret = "your_api_secret"
credentials = f"{api_key}:{api_secret}"
token = base64.b64encode(credentials.encode()).decode()
 
# Make API request
headers = {
    "Authorization": f"Bearer {token}",
    "Content-Type": "application/json"
}
response = requests.post("https://api.payvanta.in/v1/endpoint", headers=headers, json={"key": "value"})

Node.js

const axios = require('axios');
 
// Generate Bearer token
const apiKey = 'your_api_key';
const apiSecret = 'your_api_secret';
const credentials = `${apiKey}:${apiSecret}`;
const token = Buffer.from(credentials).toString('base64');
 
// Make API request
const headers = {
  'Authorization': `Bearer ${token}`,
  'Content-Type': 'application/json'
};
axios.post('https://api.payvanta.in/v1/endpoint', { key: 'value' }, { headers });

Security Best Practices

  1. Never share your API credentials
  2. Store credentials securely
  3. Use environment variables for API credentials
  4. Rotate API credentials periodically
  5. Use HTTPS for all API requests
  6. Monitor API usage for suspicious activity

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

{
  "success": false,
  "message": "UNAUTHORIZED",
  "error": "Invalid authentication credentials"
}

IP Whitelisting

For enhanced security, you can whitelist IP addresses that are allowed to make API requests:

  1. In the Dev Settings tab, find the "IP Whitelist" section
  2. Add your server IPs
  3. Wait for approval (usually instant)
  4. Verify whitelist status

Next Steps

Getting StartedPayin