Authentication

Primer uses API keys to authenticate requests. You can manage API keys in the Developers area of the dashboard.

Because API keys carry many privileges, such as authorizing payments, it is important to keep them private and secure. Do not hardcode or share API keys (particularly in your source version control system), and use them only in your backend.

Authentication is handled via HTTP headers, specifically the X-Api-Key header.

curl -X POST 'https://api.primer.io/<ENDPOINT>' \
  --header 'X-Api-Key: <YOUR_API_KEY>'
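
The scanner below is an added example, not part of Primer's documentation: it flags source lines where the X-Api-Key header carries a literal value rather than a placeholder or environment reference, so it can run as a pre-commit or CI check. The PRIMER_API_KEY variable name and the sample lines are constructed for illustration.

```python
import re
import sys

# Two shapes a hardcoded key takes in source: header text inside one string
# (X-Api-Key: value) and a key/value pair with a quoted literal ("X-Api-Key": "value").
LITERAL_RE = re.compile(
    r"""x-api-key:\s*(?P<inline>[^\s'"]+)"""
    r"""|['"]x-api-key['"]\s*[:,=]\s*['"](?P<pair>[^'"]+)['"]""",
    re.IGNORECASE,
)
# Values that only reference a key: <PLACEHOLDER>, $VAR / ${VAR}, {{template}}, %VAR%.
REFERENCE_PREFIXES = ("<", "$", "{", "%")

# Constructed sample input; PRIMER_API_KEY is an assumed variable name and the
# key-like strings are made up.
SAMPLE = """\
curl -X POST 'https://api.primer.io/<ENDPOINT>' --header 'X-Api-Key: <YOUR_API_KEY>'
curl -X POST "https://api.primer.io/<ENDPOINT>" --header "X-Api-Key: $PRIMER_API_KEY"
headers = {"X-Api-Key": os.environ["PRIMER_API_KEY"]}
headers = {"X-Api-Key": "constructed-0000-not-a-real-key"}
curl --header 'X-Api-Key: constructed-1111-not-a-real-key'
"""


def redact(value):
    """Keep findings useful without copying the secret into CI logs."""
    return f"{value[:4]}... ({len(value)} chars)"


def find_hardcoded_keys(text, filename="<sample>"):
    """Return (filename, line number, redacted value) for each literal key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in LITERAL_RE.finditer(line):
            value = match.group("inline") or match.group("pair")
            if not value.startswith(REFERENCE_PREFIXES):
                findings.append((filename, lineno, redact(value)))
    return findings


if __name__ == "__main__":
    # Scan the files named on the command line, or the sample when none are given.
    hits = []
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            hits += find_hardcoded_keys(handle.read(), path)
    if len(sys.argv) == 1:
        hits = find_hardcoded_keys(SAMPLE)
    for filename, lineno, shown in hits:
        print(f"{filename}:{lineno}: literal X-Api-Key value {shown}")
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any finding lets a hook or pipeline block the commit; findings print only a four-character prefix of the value.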

Managing API Keys

Head to the Developers area on the dashboard to manage your API keys.

You will be able to generate or revoke API keys and edit their respective scopes. Be aware that any changes to existing API keys will be reflected immediately and could cause unwanted side effects.

Available scopes

| Scope | Description |
| --- | --- |
| client_tokens:write | Create client tokens for use with the client SDK. |
| third_party:webhook_trigger | Allows you to post to our webhooks endpoint. API keys with this scope can be used to enable communication between your processor and Primer about important payment lifecycle events. |
| transactions:authorize | Authorize a payment. |
| transactions:cancel | Cancel a payment. |
| transactions:capture | Submit a payment for settlement. |
| transactions:retrieve | Retrieve one or more payments. |
| transactions:refund | Refund a payment. |
| payment_instrument:read | Read stored payment methods. |
| payment_instrument:write | Write stored payment methods. |