Authentication
The Cashramp GraphQL API is secured with API keys. Generate and manage these keys in the Developer Dashboard.
Key
Prefix
Intended use
Keep it where?
Public key
CSHRMP-PUBK_
Client-side calls that cannot modify account data (e.g., widget embeds).
Safe to expose in front-end code.
Secret key
CSHRMP-SECK_
Server-to-server requests; full account access.
Store securely (env vars, vault). Never commit or share.
Cashramp does not retain your secret key. Copy it once, keep it safe.
If a key is leaked, log in to the dashboard, rotate the key immediately. Rotation revokes the old key and issues a new one.
Authenticating a Request
The API uses Bearer auth. Send your secret key in the Authorization
header:
Authorization: Bearer CSHRMP-SECK_xxxxxxxxxxxxxxxxxxxxxx
Example (Axios)
import axios from "axios";
const cashramp = axios.create({
baseURL: "https://api.useaccrue.com/cashramp/api/graphql",
headers: {
Authorization: `Bearer ${process.env.CSHRMP_SECRET_KEY}`,
},
});
Last updated