Skip to main content

API key

Every request to the DPay Web EID API requires an API key sent as a Bearer token in the Authorization header.

Generating a key

You can obtain an API key in the administration panel at /admin/api-keys. Each key is assigned to a tenant and can be deactivated or revoked at any time.

Key format

EnvironmentPrefixExample
Productiondeid_live_deid_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Test / Sandboxdeid_test_deid_test_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Both key types work identically at the API level. The difference is that sessions created with a test key are marked as test sessions and are not billed.

Using the key in a request

curl https://hub.dpay.pl/api/v1/verifications \
-H "Authorization: Bearer deid_live_your_api_key" \
-H "Content-Type: application/json"

Security

Never disclose your key
  • Do not commit the key to a source code repository
  • Do not include the key in frontend code or mobile applications
  • Store the key only in server-side environment variables (.env, secrets vault)
  • If the key is exposed, revoke it immediately in the panel and generate a new one

Authentication error codes

HTTP codeError codeDescription
401AUTHENTICATION_REQUIREDMissing Authorization header
401INVALID_API_KEYThe key is invalid, expired or revoked
401TENANT_NOT_FOUNDNo tenant found for this key
403TENANT_SUSPENDEDThe tenant account has been suspended

Example error response

{
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid, expired, or has been revoked."
}
}