Authentication

Every request is authenticated with an API key, sent as a Bearer token:

curl https://api.plustiveimpact.com/api/v1/balance \
  -H "Authorization: Bearer pk_live_xxxxxxxxxxxx"

Getting a key

Create and manage keys from API keys in your dashboard. A key is shown once, at creation — store it securely. We only ever keep a hash and the non-secret prefix (pk_live_…).

Keeping keys safe

Server-side only. Never embed a key in a browser, mobile app, or public repo — it can buy data from your wallet.
Rotate freely. Issue a new key, deploy it, then revoke the old one. Revocation is immediate.
One key per integration. Separate keys per server/environment make rotation and auditing painless.

Errors

A missing or invalid key returns 401 Unauthorized. All errors use a consistent shape:

{
  "type": "https://www.rfc-editor.org/rfc/rfc7235#section-3.1",
  "title": "Unauthorized",
  "status": 401,
  "detail": "Invalid API key.",
  "errors": [{ "name": "generalErrors", "reason": "Invalid API key." }]
}

Read detail for a human-readable message; errors[].reason carries the same.

Getting a key​

Keeping keys safe​

Errors​

Getting a key

Keeping keys safe

Errors