All guides
Getting started · 3 min

Authentication

Every API request carries a bearer token. Keys are scoped per environment and rotate without downtime.

Every API request carries a bearer token. Keys are scoped per environment and rotate without downtime.

Bearer tokens

Pass your key in the Authorization header on every request.

Authorization: Bearer kb_live_51Hxxxxxxxx

Environments

  • kb_test_ keys write to a sandboxed ledger with fake payments — safe for CI.
  • kb_live_ keys bill real money.

Test and live data never mix.

Rotation & scoping

Generate a second key, deploy it, then revoke the first — both stay valid during the overlap. Keys can be restricted to event ingestion only, so the credential in your product's hot path can't read customer data.