Authentication

The Cashramp GraphQL API is secured with API keys. Generate and manage these keys in the Developer Dashboard.

Key

Prefix

Intended use

Keep it where?

Public key

CSHRMP-PUBK_

Client-side calls that cannot modify account data (e.g., widget embeds).

Safe to expose in front-end code.

Secret key

CSHRMP-SECK_

Server-to-server requests; full account access.

Store securely (env vars, vault). Never commit or share.

Cashramp does not retain your secret key. Copy it once, keep it safe.

If a key is leaked, log in to the dashboard, rotate the key immediately. Rotation revokes the old key and issues a new one.

Authenticating a Request

The API uses Bearer auth. Send your secret key in the Authorization header:

Authorization: Bearer CSHRMP-SECK_xxxxxxxxxxxxxxxxxxxxxx

Example (Axios)

import axios from "axios";

const cashramp = axios.create({
  baseURL: "https://api.useaccrue.com/cashramp/api/graphql",
  headers: {
    Authorization: `Bearer ${process.env.CSHRMP_SECRET_KEY}`,
  },
});

All requests must be over HTTPS. Calls without valid authentication are rejected.

PreviousAPI Endpoints NextWebhooks

Last updated 1 month ago