Authentication
CashXChain uses bearer tokens for API authentication.
Authorization header
Authorization: Bearer cx_sandbox_...
Key types
| Key type | Environment | Usage |
|---|---|---|
| Sandbox key | Sandbox | Development, testing, simulated payments. |
| Production key | Production | Live payment workflows. |
Server-side only
API keys must only be used from trusted server-side environments. Never expose a CashXChain API key in browser JavaScript, mobile apps, public repositories, logs, or analytics tools.
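An added example (not CashXChain's own code) of keeping a key server-side and out of logs: the key is read from an environment variable, checked against the target environment before any request is sent (the `environment_mismatch` case under Authentication errors), and masked by a logging filter. The variable name `CASHXCHAIN_API_KEY`, the key shape beyond the `cx_sandbox_` prefix shown above, and all function and class names are assumptions.

```python
import logging
import os
import re

# Assumption: keys look like "cx_<environment>_<secret>". Only the
# "cx_sandbox_" prefix appears on the page; the rest of the shape is assumed.
KEY_RE = re.compile(r"\b(cx_[a-z]+_)[A-Za-z0-9_-]+")
BEARER_RE = re.compile(r"(?i)\b(Bearer\s+)[^\s\"',;]+")


def redact(text: str) -> str:
    """Mask bearer tokens and bare keys; bare keys keep their environment prefix."""
    text = BEARER_RE.sub(r"\1[REDACTED]", text)
    return KEY_RE.sub(r"\1[REDACTED]", text)


class RedactKeysFilter(logging.Filter):
    """Attach to every handler so no formatted log line carries a key."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())  # format first, then mask
        record.args = None
        return True


def auth_headers(environment: str, env_var: str = "CASHXCHAIN_API_KEY") -> dict:
    """Build the Authorization header from a server-side environment variable.

    env_var is a hypothetical name. The prefix check assumes every sandbox
    key, and no production key, starts with "cx_sandbox_".
    """
    key = os.environ.get(env_var, "").strip()
    if not key:
        raise RuntimeError(f"{env_var} is not set")
    if key.startswith("cx_sandbox_") != (environment == "sandbox"):
        raise RuntimeError(f"key does not belong to the {environment} environment")
    return {"Authorization": f"Bearer {key}"}


if __name__ == "__main__":
    os.environ["CASHXCHAIN_API_KEY"] = "cx_sandbox_CONSTRUCTEDexample123"  # constructed value
    handler = logging.StreamHandler()
    handler.addFilter(RedactKeysFilter())
    log = logging.getLogger("payments")
    log.addHandler(handler)
    # Logged as: request failed, headers={'Authorization': 'Bearer [REDACTED]'}
    log.warning("request failed, headers=%s", auth_headers("sandbox"))
```

The filter covers only what passes through Python logging; analytics SDKs and error reporters need their own scrubbing rules.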
Scopes
Keys can be scoped to reduce risk. Example scopes:
accounts:read
accounts:write
beneficiaries:write
quotes:write
payments:write
statements:read
webhooks:write
Authentication errors
| HTTP | Code | Meaning |
|---|---|---|
| 401 | authentication_required | Missing bearer token. |
| 401 | invalid_api_key | Key is invalid or revoked. |
| 403 | insufficient_scope | Key lacks required permission. |
| 403 | environment_mismatch | Key was used against the wrong environment. |
Key rotation
Rotate keys regularly and whenever you suspect exposure.
Webhook signatures
API authentication protects requests to CashXChain. Webhook signatures protect events sent from CashXChain to your system. Configure both for a secure integration.