Authentication - Bila API Documentation

The Bila API authenticates requests via API keys. Manage your keys in the Bila Console.

Key Types

Key Type	Prefix	Environment	Description
Live Secret Key	`sk_live_`	Production	Use for live transactions
Test Secret Key	`sk_test_`	Sandbox	Use for testing and development

Never share API keys in client-side code, public repositories, or anywhere accessible without authentication.

Include your API key in the x-api-key header with every request:

curl -X GET "https://api.usebila.com/api/v1/bila/accounts" \
  -H "x-api-key: sk_live_your_api_key_here" \
  -H "Content-Type: application/json"

Failed authentication returns a 401 response:

{
  "status": false,
  "message": "Unauthorized - Invalid or missing API key"
}

Error	Cause	Solution
Missing API key	No `x-api-key` header	Add the header to your request
Invalid API key	Key doesn’t exist or is malformed	Check your key in the dashboard
Expired API key	Key has been revoked	Generate a new key
Wrong environment	Using test key in production	Use the correct key type

Store keys securely

Use environment variables or a secrets manager to store your API keys. Never hardcode them in your source code.

Use different keys for different environments

Use test keys (sk_test_) for development and live keys (sk_live_) for production.

Rotate keys periodically

Regularly rotate your API keys as a security best practice.

Restrict key permissions

If available, create keys with only the permissions your application needs.