Every request to the Paysquad API must be authenticated with HTTP Basic Auth.
Header
Authorization: Basic {MerchantId:ApiSecretKey}
Combine your MerchantId and ApiSecretKey with a colon separator, then base64-encode the result.
Example
For MerchantId = 00000000-0000-0000-0000-000000000000 and ApiSecretKey = SECRETKEY:
Authorization: Basic MDAwMDAwMDAtMDAwMC0wMDAwLTAwMDAtMDAwMDAwMDAwMDAwOlNFQ1JFVEtFWQ==
Getting keys
Keys are provisioned per Merchant account, per environment. You can find them in the Paysquad Merchant Portal under Developer → API Keys, or request them from [email protected].
Rotation
You can rotate your ApiSecretKey in the Merchant Portal at any time. The previous key is invalidated immediately on rotation, so schedule it during a low-traffic window or coordinate a cutover.
Environment separation
Sandbox and Production have distinct MerchantId and ApiSecretKey values. Calling the production API with a sandbox key (or vice versa) returns a 401.
Rate limits
Paysquad applies fair-use rate limits. In normal operation you should not hit them. If you do, you'll receive a 429 response. Back off and retry. Contact us if you have a use case that requires a bulk quota (for example, a payment orchestrator or ecommerce platform fronting many Merchants).