API Key Authentication
All Partner API endpoints (except hosted onboarding pages) require authentication via API key headers.
Include both headers in every request:
| Header | Description |
|---|
X-Partner-Client-Id | Your client ID (UUID) |
X-Partner-Client-Secret | Your client secret |
Example
curl -X GET https://api.acountpay.com/v1/partner/merchants \
-H "X-Partner-Client-Id: a1b2c3d4-e5f6-7890-abcd-ef1234567890" \
-H "X-Partner-Client-Secret: your-64-char-hex-secret"
Generating Credentials
- Log in to the Partner Dashboard
- Navigate to API Credentials
- Click Generate and give the credential a name
- Copy the Client ID and Client Secret immediately — the secret is only shown once
Store your client secret securely. If lost, you can rotate it from the Partner Dashboard (which generates a new secret and invalidates the old one).
Code Examples
const response = await fetch('https://api.acountpay.com/v1/partner/merchants', {
headers: {
'X-Partner-Client-Id': process.env.ACOUNTPAY_CLIENT_ID,
'X-Partner-Client-Secret': process.env.ACOUNTPAY_CLIENT_SECRET,
'Content-Type': 'application/json',
},
});
import requests
headers = {
'X-Partner-Client-Id': os.environ['ACOUNTPAY_CLIENT_ID'],
'X-Partner-Client-Secret': os.environ['ACOUNTPAY_CLIENT_SECRET'],
'Content-Type': 'application/json',
}
response = requests.get('https://api.acountpay.com/v1/partner/merchants', headers=headers)
curl -X GET https://api.acountpay.com/v1/partner/merchants \
-H "X-Partner-Client-Id: $ACOUNTPAY_CLIENT_ID" \
-H "X-Partner-Client-Secret: $ACOUNTPAY_CLIENT_SECRET"
Credential Management
| Endpoint | Method | Description |
|---|
/partner/credentials | GET | List all credentials |
/partner/credentials | POST | Generate new credential |
/partner/credentials/{id}/rotate | POST | Rotate secret (invalidates old) |
/partner/credentials/{id} | DELETE | Revoke credential |
Best Practices
- Use separate credentials for sandbox and production
- Store secrets in environment variables, never in code
- Rotate secrets periodically
- Revoke unused credentials
