Authentication

All public merchant API requests require an Authorization header with a Yera Connect secret key.

curl https://app.yeraconnect.io/api/v1/checkout/sessions \
  -H "Authorization: Bearer yera_test_sk_your_secret_key" \
  -H "Content-Type: application/json"

• Sandbox secret keys start with yera_test_sk_.
• Live secret keys start with yera_live_sk_.
• API requests must be made from trusted server-side code.
• Never expose secret keys in browser code, mobile apps, or public repositories.

Merchant API keys can be scoped. The current public scopes include checkout_sessions:create, payment_links:create, transactions:read, and webhooks:manage.