02 authentication
Authentication
Stablix uses API keys to authenticate requests. You have two types of keys:
Secret Key
sk_live_xxx
Backend API calls
❌ No
Public Key
pk_live_xxx
Checkout widget
✅ Yes
Secret Key (Backend)
Use your secret key for all server-side API calls. Pass it in the X-API-Key header:
curl https://api.stablix.xyz/api/v1/invoices \
-H "X-API-Key: sk_live_your_secret_key" \
-H "Content-Type: application/json" \
-d '{"amount": 99.99, "currency": "USDC", "chain": "solana"}'// Node.js
const response = await fetch('https://api.stablix.xyz/api/v1/invoices', {
method: 'POST',
headers: {
'X-API-Key': process.env.STABLIX_SECRET_KEY,
'Content-Type': 'application/json'
},
body: JSON.stringify({
amount: 99.99,
currency: 'USDC',
chain: 'solana'
})
});⚠️ Never expose your secret key in frontend code, public repositories, or client-side JavaScript.
Public Key (Frontend)
Use your public key for the checkout widget. Pass it in the X-Public-Key header (the widget handles this automatically):
Public keys can only:
Initialize checkout sessions
Check payment status
They cannot access merchant data, release funds, or perform any other actions.
Test vs Live Keys
Test
sk_test_xxx
pk_test_xxx
Live
sk_live_xxx
pk_live_xxx
Test keys:
Work with testnet/devnet
No real funds processed
Same API behavior as live
Getting Your Keys
Log in to your Stablix Dashboard
Go to Settings → API Keys
Copy your keys
You can rotate keys at any time from the dashboard.
Environment Variables
Store your keys in environment variables:
Error Responses
401
MISSING_API_KEY
No API key provided
401
INVALID_API_KEY
Key doesn't exist or is malformed
401
INVALID_PUBLIC_KEY
Public key doesn't exist
403
FORBIDDEN
Key doesn't have permission for this action
Last updated