StablePay API 使用 API Key 进行身份验证。所有 API 请求都必须在 HTTP Header 中包含有效的 API Key。
The StablePay API uses API Keys for authentication. All API requests must include a valid API Key in the HTTP Header.
StablePay 提供两种类型的 API 密钥:
| 类型 | 前缀 | 用途 | 环境 |
|---|
| 测试密钥 | sk_test_ | 用于开发和测试环境 | 测试环境(Sandbox) |
| 生产密钥 | sk_live_ | 用于生产环境的真实交易 | 生产环境 |
重要说明:
- 测试密钥和生产密钥使用不同的 API 端点
- 测试密钥产生的交易不会在区块链上真实执行
- 生产密钥产生的交易会产生真实的资金转移
StablePay provides two types of API keys:
| Type | Prefix | Purpose | Environment |
|---|
| Test Key | sk_test_ | For development and testing | Test Environment (Sandbox) |
| Live Key | sk_live_ | For real transactions | Production Environment |
Important Notes:
- Test keys and live keys use different API endpoints
- Transactions with test keys are not actually executed on the blockchain
- Transactions with live keys result in real fund transfers
- 登录 StablePay 商户后台
- 进入 开发者设置 > API 密钥
- 点击 创建新密钥
- 为密钥设置以下信息:
- 名称:便于识别的密钥名称
- 类型:测试密钥或生产密钥
- 权限范围:选择适当的权限级别
- IP 白名单(可选):限制只能从特定 IP 访问
- 点击 创建 并保存密钥
安全警告
API 密钥仅在创建时显示一次! 请立即保存到安全的地方。如果丢失,需要重新生成新密钥。
- Log in to StablePay Merchant Dashboard
- Navigate to Developer Settings > API Keys
- Click Create New Key
- Configure the following:
- Name: A descriptive name for easy identification
- Type: Test key or live key
- Permissions: Select appropriate permission levels
- IP Whitelist (optional): Restrict access to specific IPs
- Click Create and save the key
Security Warning
API keys are only displayed once upon creation! Please save them immediately to a secure location. If lost, you'll need to generate a new key.
curl -X GET https://api.stablepay.co/v1/payment/sessions/sess_123 \
-H "Authorization: Bearer sk_live_abc123..." \
-H "Content-Type: application/json"
| 权限 | 说明 | 可执行操作 |
|---|
| read | 只读权限 | 查询支付会话、交易记录、账户信息等 |
| write | 写入权限 | 创建支付会话、发起退款、更新商户信息 |
| admin | 管理权限 | 删除资源、配置 Webhook、管理 API 密钥 |
| Permission | Description | Available Operations |
|---|
| read | Read-only | Query payment sessions, transactions, account info |
| write | Write | Create payment sessions, initiate refunds, update merchant info |
| admin | Administrative | Delete resources, configure webhooks, manage API keys |
原因:
- API Key 无效或格式错误
- API Key 已过期
- API Key 已被删除或撤销
- 未提供 API Key
Reasons:
- Invalid or malformed API Key
- API Key has expired
- API Key has been deleted or revoked
- No API Key provided
{
"error": {
"type": "authentication_error",
"code": "invalid_api_key",
"message": "Invalid API key"
}
}
原因:
- API Key 缺少执行该操作所需的权限
- API Key 受 IP 白名单限制
- 账户被暂停或受限
Reasons:
- API Key lacks required permissions
- API Key is restricted by IP whitelist
- Account is suspended or restricted
- 使用环境变量 - 不要将 API Key 硬编码在代码中
- 分离测试和生产环境 - 为不同环境使用不同的密钥
- 定期轮换密钥 - 建议每 3-6 个月更换一次
- 使用密钥管理服务 - 推荐 AWS Secrets Manager 或 HashiCorp Vault
- 服务器端认证 - 永远不要在客户端暴露 API Key
- Use Environment Variables - Don't hardcode API Keys in your code
- Separate Test and Production - Use different keys for different environments
- Rotate Keys Regularly - Recommended every 3-6 months
- Use Key Management Services - AWS Secrets Manager or HashiCorp Vault recommended
- Server-Side Authentication - Never expose API Keys on the client side
const client = new StablePay({
apiKey: process.env.STABLEPAY_API_KEY
});
