Authentication
Last updated
Last updated
The Cashramp GraphQL API is secured with API keys. Generate and manage these keys in the .
Public key
CSHRMP-PUBK_
Client-side calls that cannot modify account data (e.g., widget embeds).
Safe to expose in front-end code.
Secret key
CSHRMP-SECK_
Server-to-server requests; full account access.
Store securely (env vars, vault). Never commit or share.
Cashramp does not retain your secret key. Copy it once, keep it safe.
If a key is leaked, log in to the dashboard, rotate the key immediately. Rotation revokes the old key and issues a new one.
The API uses Bearer auth. Send your secret key in the Authorization
header: