Skip to main content

Overview

Superbank uses API key authentication to secure all API requests. Every request must include your API key in the X-Api-Key header.

Getting Your API Key

  1. Log in to the Superbank Dashboard
  2. Navigate to API Keys
  3. Click Create API Key
  4. Copy and securely store your API key
API keys are only shown once at creation. Store them securely - you cannot retrieve them later.

Using Your API Key

Include the X-Api-Key header in every API request: 
curl -X GET https://api-sandbox.superbank.com/v1/payments \
  -H "X-Api-Key: your-api-key"

API Key Types

TypeEnvironmentPurpose
Sandboxapi-sandbox.superbank.comDevelopment and testing
Productionapi.superbank.comLive transactions
Sandbox keys cannot access Production, and vice versa.

Security Best Practices

Do

  • Store API keys in environment variables or secure vaults
  • Use different keys for each environment
  • Rotate keys regularly
  • Restrict key access to authorized personnel only

Don’t

  • Commit API keys to version control
  • Share keys via email or chat
  • Use production keys in development
  • Expose keys in client-side code

Environment Variables

Store your API key securely:
.env
SUPERBANK_API_KEY=your-api-key
Access it in your code: 
const apiKey = process.env.SUPERBANK_API_KEY;

Handling Authentication Errors

If authentication fails, the API returns a 401 Unauthorized response: 
{
  "status_code": 401,
  "message": "Unauthorized",
  "error": "Invalid or missing API key"
}
Common causes:
  • Missing X-Api-Key header
  • Invalid or revoked API key
  • Using the wrong key for the environment

Next Steps

Error Handling

Learn about error responses

Make Your First Request

Create your first payment