The Cashramp API uses API keys to authenticate requests. You can generate your keys by logging in to your Developer Dashboard.

You'll get two keys:

  1. Public Key: As the name suggests, this is intended for public use, such as in front-end JavaScript code. Think of it as a username. Anyone can know/see it. For Cashramp, it's how we'll know who's making a request.

    • Public keys usually have a CSHRMP-PUBK prefix.

  2. Secret Key: As the name suggests, this is not intended for public use. It's a "god-mode" type of key that can authorize any action on your account, and as such, you are the only one that should ever have access to this key. Cashramp never stores your Secret Key. It'll be generated once and sent to you. Copy and keep it in a secure place (e.g., Environment Variables).

    • Secret keys usually have a CSHRMP-SECK prefix.

If you think your keys may have been compromised (e.g., you accidentally committed them to a public Git repository), you should immediately generate new keys from your Developer Dashboard.

This will revoke all the capabilities of any existing keys. You can then update your app to use the new keys.

How to authenticate with GraphQL

The Cashramp API authenticates requests via bearer auth. All you need to do is add an Authorization header with the value set to Bearer <YOUR_SECRET_KEY_HERE>.

For example, your header might look like this: Authorization: Bearer CSHRMP-SECK_4eC39HqLyjWDarjtT1zdp7dc

Most GraphQL or HTTP client libraries have some way to add headers to all your requests. Here's a JavaScript example with Axios.

// Some code
const axios = require('axios').default;

const cashrampAPI = axios.create({
    baseURL: process.env.CASHRAMP_API_BASEURL,
    headers: {
        Authorization: `Bearer ${process.env.CASHRAMP_API_SECRET_KEY}`,

All API requests must be made over HTTPS. API requests without authentication will fail.

Last updated