Skip to main content
Every request to the UnitPay API is authenticated with an API key sent in the x-api-key header. The base URL is:
https://api.useunitpay.com/v1
curl https://api.useunitpay.com/v1/customers \
  -H "x-api-key: $UNITPAY_SECRET_KEY" \
  -H "content-type: application/json"

Key types

PrefixNameUse it for
upay_sk_…Secret keyServer-side calls. The only key that may track usage and move money. Never ship it to the browser.
upay_pk_…Publishable keySafe-to-expose reads used by client SDKs. Cannot track usage or mutate billing.
Your secret key can charge customers and deduct credits. Keep it on your server and in environment variables — never in a client bundle, a repo, or a browser request. For customer-facing UIs, mint a short-lived portal token instead (see React SDK).

Sandbox vs live

A key is bound to one organization and one environment — either sandbox (test) or live. The environment is baked into the key, not the URL or a header: the same key always hits the same environment. Get one of each from the dashboard.

Sandbox

A throwaway copy of your catalog for building and testing. Use Stripe’s test cards — nothing charges a real card, no real money moves. This is where Asterix drafts your catalog.

Live

Real customers, real cards, real invoices. Switch by swapping the key — your code doesn’t change.
Because the environment lives in the key, moving from sandbox to live is a one-line change: swap upay_sk_… (test) for upay_sk_… (live). Keep them in separate environment variables so a test key never runs in production.

Store it in the environment

.env
UNITPAY_SECRET_KEY=upay_sk_...
The Node SDK reads UNITPAY_API_KEY automatically if you don’t pass a key explicitly:
import { UnitPay } from '@unitpay/node';

const unitpay = new UnitPay({ apiKey: process.env.UNITPAY_SECRET_KEY });

Next steps

Quickstart

Use your key to set up a catalog and run credits end to end.

AI setup

Let Asterix build your sandbox catalog from your pricing page.