Skip to main content

API Keys

The Bila API uses API keys to authenticate requests. You can view and manage your API keys in the merchant dashboard.

Key Types

Key TypePrefixEnvironmentDescription
Live Secret Keysk_live_ProductionUse for live transactions
Test Secret Keysk_test_SandboxUse for testing and development
Keep your API keys secure! Do not share them in publicly accessible areas such as GitHub, client-side code, or anywhere else that could be accessed by unauthorized parties.

Making Authenticated Requests

Include your API key in the x-api-key header with every request: 
curl -X GET "https://api.usebila.com/api/v1/bila/accounts" \
  -H "x-api-key: sk_live_your_api_key_here" \
  -H "Content-Type: application/json"

Authentication Errors

If authentication fails, you’ll receive a 401 Unauthorized response: 
{
  "status": false,
  "message": "Unauthorized - Invalid or missing API key"
}

Common Authentication Issues

ErrorCauseSolution
Missing API keyNo x-api-key headerAdd the header to your request
Invalid API keyKey doesn’t exist or is malformedCheck your key in the dashboard
Expired API keyKey has been revokedGenerate a new key
Wrong environmentUsing test key in productionUse the correct key type

Best Practices

Use environment variables or a secrets manager to store your API keys. Never hardcode them in your source code.
Use test keys (sk_test_) for development and live keys (sk_live_) for production.
Regularly rotate your API keys as a security best practice.
If available, create keys with only the permissions your application needs.