Authentication

Authenticate GetPaidHQ API requests with bearer API keys.

Most API routes require an API key. Send it as a bearer token:

curl https://api.getpaidhq.com/api/customers \
  -H "Authorization: Bearer YOUR_API_KEY"

The server also accepts the x-api-key header:

curl https://api.getpaidhq.com/api/customers \
  -H "x-api-key: YOUR_API_KEY"

Treat API keys as secrets. Do not embed them in browser or mobile-app code, write them to logs, or pass them in URLs: query strings are recorded in server, proxy, and browser-history logs, so a key sent that way should be considered exposed.

Public routes

These routes do not require bearer API authentication:

  • GET /api/health
  • POST /api/notify
  • GET /openapi.json

POST /api/notify is the payment-provider webhook receiver, so it is not protected by API keys; each provider's webhook signature is verified inside that flow instead. The other two routes return no customer data and need no credentials.

Failed authentication

Requests to a protected route without a valid API key return this body:

{
  "code": "authentication_error",
  "message": "unauthorized",
  "details": null
}

Rotate a key as soon as it is exposed, and give each integrating service its own key so that a single exposure can be revoked without breaking the others.
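The following client pulls the rules on this page together: it sends the key in either documented header form, attaches no credential to the three public routes, refuses to place the key in a URL, and turns the authentication_error body into an exception. It is an added example, not GetPaidHQ's own SDK; the base URL, header names, public routes, and error body come from the page, while the GETPAIDHQ_API_KEY variable name and all function names are assumptions.

```python
"""Minimal GetPaidHQ client showing the authentication rules on this page.

Added example, not the project's own SDK. The base URL, the two header
forms, the public routes and the error body come from the page; the
environment-variable name and all function names are assumptions.
"""
import json
import os
import urllib.error
import urllib.request
from typing import Optional

BASE_URL = "https://api.getpaidhq.com"

# Routes the page lists as needing no API key.
PUBLIC_ROUTES = {
    ("GET", "/api/health"),
    ("POST", "/api/notify"),
    ("GET", "/openapi.json"),
}


class AuthenticationError(Exception):
    """The API answered with code "authentication_error"."""


def auth_headers(api_key: str, use_x_api_key: bool = False) -> dict:
    """Return the credential header in either documented form."""
    if not api_key or api_key != api_key.strip():
        raise ValueError("API key is empty or has surrounding whitespace")
    if use_x_api_key:
        return {"x-api-key": api_key}
    return {"Authorization": f"Bearer {api_key}"}


def build_request(method: str, path: str, api_key: Optional[str] = None,
                  body: Optional[dict] = None,
                  use_x_api_key: bool = False) -> urllib.request.Request:
    """Build a request, attaching the key only to routes that need it.

    Refuses a key that appears in the URL (keys never go in URLs) and
    refuses to call a non-public route without a key.
    """
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /api/customers")
    if api_key and api_key in path:
        raise ValueError("API key must be sent in a header, not in the URL")

    headers = {"Accept": "application/json"}
    data = None
    if body is not None:
        data = json.dumps(body).encode("utf-8")
        headers["Content-Type"] = "application/json"

    if (method.upper(), path) not in PUBLIC_ROUTES:
        if api_key is None:
            raise ValueError(f"{method} {path} requires an API key")
        headers.update(auth_headers(api_key, use_x_api_key))

    return urllib.request.Request(BASE_URL + path, data=data,
                                  headers=headers, method=method.upper())


def error_code(raw_body: bytes) -> Optional[str]:
    """Extract the "code" field from an error body like the one shown above."""
    try:
        payload = json.loads(raw_body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if isinstance(payload, dict) and isinstance(payload.get("code"), str):
        return payload["code"]
    return None


def send(req: urllib.request.Request, timeout: float = 10.0):
    """Perform the request; raise AuthenticationError on authentication_error."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        raw = err.read()
        if error_code(raw) == "authentication_error":
            raise AuthenticationError(
                f"{req.get_method()} {req.selector}: rejected, "
                "check the key and rotate it if it may have leaked") from None
        raise


if __name__ == "__main__":
    # Read the key from the environment so it never sits in source control.
    # GETPAIDHQ_API_KEY is an assumed variable name, not one from the page.
    key = os.environ.get("GETPAIDHQ_API_KEY")
    if not key:
        raise SystemExit("set GETPAIDHQ_API_KEY first")
    status, customers = send(build_request("GET", "/api/customers", key))
    print(status, customers)
```

The key-in-URL check is deliberately strict: a request that would have leaked the key through a query string fails locally rather than reaching the server, and the public-route table keeps the key out of requests that do not need it.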