ReloadCard
/Docs

Authentication

All API requests require a Bearer token. API keys are scoped to a single merchant.

API key format

rc_live_a3b8c2d1e4f5a6b7c8d9e0f1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9

Keys start with rc_live_ followed by 64 hexadecimal characters.

Using your key

Include the key in the Authorization header:

Authorization: Bearer rc_live_your_api_key_here

Security

  • Your API key is shown once when created. We store only the SHA-256 hash.
  • If you lose your key, revoke it and create a new one.
  • Keys can have expiration dates — set these for extra security.
  • Never expose your key in client-side code or version control.

Creating API keys

  1. Log in to your merchant dashboard
  2. Go to Settings → API Keys
  3. Click Generate New Key
  4. Copy the key immediately — it won't be shown again

Rate limiting

API requests are rate limited per endpoint. If you exceed the limit, you'll receive a429 Too Many Requests response. Wait and retry.

Error responses

// Missing or invalid key
{ "error": "Invalid or missing API key" }  // 401

// Rate limited
{ "error": "Too many requests" }  // 429