# Authentication

The Cashramp GraphQL API is secured with **API keys**. Generate and manage these keys in the [Developer Dashboard](https://cashramp.co/commerce).

<table><thead><tr><th width="113.66668701171875">Key</th><th width="145.44439697265625">Prefix</th><th>Intended use</th><th>Keep it where?</th></tr></thead><tbody><tr><td><strong>Public key</strong></td><td><code>CSHRMP-PUBK_</code></td><td>Client-side calls that <em>cannot</em> modify account data (e.g., widget embeds).</td><td>Safe to expose in front-end code.</td></tr><tr><td><strong>Secret key</strong></td><td><code>CSHRMP-SECK_</code></td><td>Server-to-server requests; full account access.</td><td>Store securely (env vars, vault). <strong>Never commit or share.</strong></td></tr></tbody></table>

> Cashramp **does not** retain your secret key. Copy it once, keep it safe.

{% hint style="danger" %}
If a key is leaked, log in to the dashboard, **rotate the key immediately**. Rotation revokes the old key and issues a new one.
{% endhint %}

***

## Authenticating a Request

The API uses **Bearer auth**. Send your **secret key** in the `Authorization` header:

```
Authorization: Bearer CSHRMP-SECK_xxxxxxxxxxxxxxxxxxxxxx
```

### Example

{% tabs %}
{% tab title="NodeJS SDK" %}

```javascript
import Cashramp from "cashramp";

const cashramp = new Cashramp({
  env: "production", // or "test" for staging
  secretKey: process.env.CSHRMP_SECRET_KEY,
});
```

{% endtab %}

{% tab title="Ruby SDK" %}

```ruby
require "cashramp"

client = Cashramp::Client.initialize(
  env: :production, # or :test for staging
  secret_key: ENV["CSHRMP_SECRET_KEY"]
)
```

{% endtab %}

{% tab title="Go SDK" %}

```go
import (
  "os"
  cashrampsdk "github.com/rockets-hq/cashramp-sdk-go"
)

client, err := cashrampsdk.InitialiseClient(
  "live", // or "test" for staging
  os.Getenv("CSHRMP_SECRET_KEY"),
)
if err != nil {
  panic(err)
}
```

{% endtab %}

{% tab title="Node (axios)" %}

```javascript
import axios from "axios";

const cashramp = axios.create({
  baseURL: "https://api.useaccrue.com/cashramp/api/graphql",
  headers: {
    Authorization: `Bearer ${process.env.CSHRMP_SECRET_KEY}`,
  },
});
```

{% endtab %}

{% tab title="Python (requests)" %}

```python
import os
import requests

CASHRAMP_URL = "https://api.useaccrue.com/cashramp/api/graphql"

cashramp = requests.Session()
cashramp.headers.update({
    "Authorization": f"Bearer {os.environ['CSHRMP_SECRET_KEY']}",
    "Content-Type": "application/json",
})
```

{% endtab %}

{% tab title="Ruby (net/http)" %}

```ruby
require "net/http"
require "uri"
require "json"

CASHRAMP_URL = URI("https://api.useaccrue.com/cashramp/api/graphql")

def cashramp_request(query, variables = {})
  http = Net::HTTP.new(CASHRAMP_URL.host, CASHRAMP_URL.port)
  http.use_ssl = true
  req = Net::HTTP::Post.new(CASHRAMP_URL)
  req["Authorization"] = "Bearer #{ENV['CSHRMP_SECRET_KEY']}"
  req["Content-Type"] = "application/json"
  req.body = { query: query, variables: variables }.to_json
  JSON.parse(http.request(req).body)
end
```

{% endtab %}

{% tab title="Go (net/http)" %}

```go
package main

import (
  "bytes"
  "encoding/json"
  "net/http"
  "os"
)

const cashrampURL = "https://api.useaccrue.com/cashramp/api/graphql"

func cashrampRequest(query string, variables map[string]any) (*http.Response, error) {
  body, _ := json.Marshal(map[string]any{"query": query, "variables": variables})
  req, err := http.NewRequest("POST", cashrampURL, bytes.NewBuffer(body))
  if err != nil {
    return nil, err
  }
  req.Header.Set("Authorization", "Bearer "+os.Getenv("CSHRMP_SECRET_KEY"))
  req.Header.Set("Content-Type", "application/json")
  return http.DefaultClient.Do(req)
}
```

{% endtab %}

{% tab title="cURL" %}

```bash
curl https://api.useaccrue.com/cashramp/api/graphql \
  -H "Authorization: Bearer $CSHRMP_SECRET_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "query": "{ account { id accountBalance } }" }'
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
All requests must be over **HTTPS**. Calls without valid authentication are rejected.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cashramp.co/cashramp/introduction/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
Key	Prefix	Intended use	Keep it where?
Public key	`CSHRMP-PUBK_`	Client-side calls that cannot modify account data (e.g., widget embeds).	Safe to expose in front-end code.
Secret key	`CSHRMP-SECK_`	Server-to-server requests; full account access.	Store securely (env vars, vault). Never commit or share.