Authentication
Authenticate every API call with scoped Bearer keys.
Zedy Gateway uses secret API keys for server-to-server REST calls. Keys are environment scoped and carry explicit permissions.
Keep secret keys on the server
Never expose sk_live_ or sk_test_ in browser code. Browser tokenization will use a future public key family.
Authenticated request
curl https://wl.zedy.com.br/api/v1/charges/ch_xxx \ -H "Authorization: Bearer sk_test_xxx"Key families
| Field | Type | Description |
|---|---|---|
sk_test_ | secret | Sandbox API key. Creates TEST data only. |
sk_live_ | secret | Production API key. Creates LIVE data only. |
Common permissions
| Field | Type | Description |
|---|---|---|
charges:create | write | Create charges and capture authorized charges. |
charges:read | read | Retrieve charges in the API key scope. |
payment_methods:tokenize | write | Exchange raw card data for a reusable token. |
Authentication errors
Invalid key
{ "error": { "type": "authentication_error", "code": "invalid_api_key", "message": "Missing or invalid API key.", "request_id": "req_xxx" }}