Skip to main content

API Key Authentication

All Shakesco API requests require authentication using bearer tokens, regardless of which API product you’re using.

Getting Your API Key

1

Create account

Sign up at users.shakesco.com
2

Deploy appropriate account

Deploy the account type needed for your use case: - Business Auto account - For recurring subscriptions - Personal account - For payment links
3

Get API key

Retrieve your API key from the dashboard

Using Your API Key

Include your API key in the Authorization header for all requests: 
Authorization: Bearer YOUR_API_KEY
Auto-Payments example: 
const response = await fetch("https://autopay.shakesco.com/request", {
  method: "POST",
  headers: {
    Authorization: "Bearer sk_live_abc123...",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    // request body
  }),
});
Payment Links example: 
const response = await fetch("https://autopay.shakesco.com/support_session", {
  method: "POST",
  headers: {
    Authorization: "Bearer sk_live_abc123...",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    // request body
  }),
});

API Products & Requirements

Different API products may have different account requirements:
API ProductRequired AccountGet Started
Auto-PaymentsBusiness Auto accountDeploy guide
Payment LinksPersonal account + .sns usernameGet username
CheckoutBusiness Auto accountSetup guide

Security Best Practices

Never expose your API key in client-side code. Always make API calls from your backend server.
Recommended:
  • Store API keys in environment variables
  • Use different keys for development and production
  • Rotate keys periodically
  • Never commit keys to version control
  • Use separate keys for different projects
Example with environment variables: 
const API_KEY = process.env.SHAKESCO_API_KEY;

const response = await fetch("https://autopay.shakesco.com/request", {
  headers: {
    Authorization: `Bearer ${API_KEY}`,
  },
});

Testing

Use the test endpoints to verify your integration without charges: Auto-Payments:
  • /delegate_address - Get test user address
  • /buss_delegate_address - Get test business address
Payment Links:
  • All endpoints work in test mode with Sepolia testnet
Test addresses are automatically funded.

Authentication Errors

401 Unauthorized Missing or invalid API key: 
{
  "error": "Unauthorized"
}
Solutions:
  • Verify API key is correct
  • Check Bearer prefix is included
  • Ensure key matches the environment (test vs production)
  • Confirm key is associated with the correct account type
403 Forbidden Valid API key but insufficient permissions: 
{
  "error": "Forbidden"
}
Solutions:
  • Verify account type matches API product (e.g., Business Auto for subscriptions)
  • Check account is fully deployed and funded
  • Ensure .sns username is registered (for payment links)