Authentication

API keys and Bearer authentication

The Billingrails API uses Bearer authentication per RFC 6750. Include your API key in the Authorization header of every request:

curl -X GET 'https://sandbox-api.billingrails.com/v1/accounts' \
  -H 'Authorization: Bearer YOUR_API_KEY'

Security

Store API keys in a dedicated secret management system. Never commit them to source control.
Rotate keys periodically. You can have multiple active keys to enable zero-downtime rotation.
Revoke compromised keys immediately via the dashboard.
All requests require HTTPS.

Error handling — Authentication error codes

Introduction

Understanding the structure of Billingrails API requests and responses

Idempotency

Retry safety for API operations

On this page

Security Related