Authentication
Learn how to authenticate your API requests securely.
API Keys
Every request to the Soledgic API must include your API key in the x-api-key header.
curl -X POST https://api.soledgic.com/v1/record-sale \
  -H "x-api-key: sk_test_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"creator_id": "123", "amount": 1999}'
Test vs Live Keys
Soledgic provides two separate environments with their own API keys:
Test Mode
Keys start with sk_test_
- Sandbox data, no real transactions
- Safe for development and testing
- No billing impact
Live Mode
Keys start with sk_live_
- Real transactions and data
- Counts toward your plan limits
- Use in production only
Important: Test and live data are completely isolated. Creators, transactions, and balances in test mode do not affect your live ledger.
Keeping Keys Secure
API keys provide full access to your ledger. Follow these best practices:
- Use environment variables: Never hardcode keys in your source code
- Keep keys server-side: Never expose keys in frontend JavaScript or mobile apps
- Rotate keys if compromised: Generate new keys immediately if you suspect exposure
- Don't commit to version control: Add your .env files to .gitignore
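These practices can also be checked in code. The following is an added example, not Soledgic's own code: it loads the key from the environment, refuses a live key outside production, and redacts or flags keys found in text. The function names, the APP_ENV variable and the character set assumed after the documented sk_test_/sk_live_ prefixes are assumptions.

```python
import os
import re

# Assumption: only the sk_test_/sk_live_ prefixes are documented; the rest of
# the key is taken to be letters, digits, "_" or "-".
KEY_RE = re.compile(r"\bsk_(test|live)_[A-Za-z0-9_-]{6,}")


def load_api_key(environ=None):
    """Return SOLEDGIC_API_KEY, refusing a live key outside production."""
    environ = os.environ if environ is None else environ
    key = environ.get("SOLEDGIC_API_KEY", "").strip()
    if not key:
        raise RuntimeError("SOLEDGIC_API_KEY is not set")
    match = KEY_RE.fullmatch(key)
    if match is None:
        raise RuntimeError("SOLEDGIC_API_KEY is not an sk_test_/sk_live_ key")
    # APP_ENV is a hypothetical deployment variable, not part of Soledgic.
    app_env = environ.get("APP_ENV", "development")
    if match.group(1) == "live" and app_env != "production":
        raise RuntimeError(f"live key loaded while APP_ENV={app_env}")
    return key


def redact(text):
    """Mask every key in text so the result is safe to log."""
    return KEY_RE.sub(lambda m: f"sk_{m.group(1)}_[REDACTED]", text)


def find_hardcoded_keys(source):
    """Return (line number, redacted line) for each line that embeds a key."""
    return [
        (number, redact(line.strip()))
        for number, line in enumerate(source.splitlines(), start=1)
        if KEY_RE.search(line)
    ]


# Constructed sample: source text with one hardcoded key (the value is made up).
SAMPLE_SOURCE = '''import os
API_KEY = "sk_live_EXAMPLEONLY0000"
api_key = os.environ["SOLEDGIC_API_KEY"]
'''

if __name__ == "__main__":
    for number, line in find_hardcoded_keys(SAMPLE_SOURCE):
        print(f"line {number}: {line}")
```

Running find_hardcoded_keys over staged files in a pre-commit hook catches a key before it reaches version control, and the report itself never prints the secret.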
Using Environment Variables
Store your API key in an environment variable:
.env
SOLEDGIC_API_KEY=sk_test_abc123...
Node.js
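// Read the key from the environment; it never appears in source code.
const apiKey = process.env.SOLEDGIC_API_KEY;

fetch('https://api.soledgic.com/v1/record-sale', {
  method: 'POST',
  headers: {
    'x-api-key': apiKey,
    'Content-Type': 'application/json',
  },
  // Same payload as the curl example above.
  body: JSON.stringify({ creator_id: '123', amount: 1999 }),
});
Python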
import os
import requests

# Indexing os.environ raises KeyError when the variable is unset,
# instead of sending a request with no key.
api_key = os.environ['SOLEDGIC_API_KEY']

response = requests.post(
    'https://api.soledgic.com/v1/record-sale',
    headers={'x-api-key': api_key},
    json={'creator_id': '123', 'amount': 1999},
)
Authentication Errors
If authentication fails, you'll receive one of these errors:
| Status | Error | Cause |
|---|---|---|
| 401 | Missing API key | No x-api-key header provided |
| 401 | Invalid API key | Key doesn't exist or was revoked |
| 403 | Ledger suspended | Account is suspended or canceled |
Rate Limits
API requests are rate-limited to ensure fair usage:
| Endpoint | Limit |
|---|---|
| All endpoints | 1,000 requests/minute |
| record-sale | 100 requests/second |
When rate limited, you'll receive a 429 Too Many Requests response. The Retry-After header indicates when you can retry.