API Authentication

The Copper API uses API keys to authenticate requests.

Test mode secret keys have the prefix sk_test_ and live mode secret keys have the prefix sk_live_.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

Authentication to the API is performed via HTTP Basic Auth. Provide your API key as the basic auth username value. You do not need to provide a password.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

Connected Accounts

Clients can make requests as connected accounts using the special header Copper-Account which should contain a Copper Account id.