Authentication
All API requests require an API key passed in the Authorization header.
Authorization: Bearer sk_live_xxxxxAPI key types
| Key prefix | Mode | Description |
|---|---|---|
sk_live_ | Live | Real payments on real blockchains |
sk_test_ | Test | Mock payments, no blockchain activity |
Inzi determines the mode from the key prefix. No separate “mode” parameter needed.
Getting your keys
- Sign up at inzipay.com/register
- Go to Dashboard → Settings → API Keys
- Generate your test and live keys
Keys are shown only once. Copy and store them securely immediately after generation. If lost, revoke and generate new keys.
Test mode
With a sk_test_ key:
- Checkouts get
chk_test_prefixed IDs - A mock
checkout.completedwebhook fires after 5 seconds - No real blockchain monitoring occurs
- No real tokens are moved
- Webhook payloads include
"test": true
Test mode is ideal for development and CI/CD integration testing.
Security best practices
- Never expose keys client-side. API keys should only be used in server-to-server calls.
- Use environment variables. Don’t hardcode keys in source code.
- Rotate keys periodically. Revoke old keys in the dashboard after rotation.
- Use separate keys per environment. Test keys for staging, live keys for production.
- Restrict webhook URLs to HTTPS. Inzi only delivers webhooks over HTTPS in live mode.