Authentication
The Yugo API uses API keys to authenticate requests. All API requests must include your API key in the request headers.
API Keys
You'll receive API keys from Yugo during onboarding:
| Key Type | Prefix | Usage |
|---|---|---|
| Test Key | test_ | Development and testing |
| Live Key | live_ | Production transactions |
Making Authenticated Requests
Include your API key in the x-api-key header:
bash
curl https://api.yugo.finance/transaction/?transactionId={id} \
-H "x-api-key: YOUR_API_KEY"Example Request
bash
curl https://api.yugo.finance/transaction/create-bank-transfer \
-H "x-api-key: 4f8a1e92-3b67-44d8-9a6f-12c5e8b9d7a3" \
-H "Content-Type: application/json" \
-d '{
"amount": "100.00",
"names": "John Doe",
"userId": "user-123",
"userAddress1": "123 Main St",
"userIpAddress": "87.126.116.201",
"userPassedKyc": true,
"userPassedAml": true
}'Security Best Practices
Do
- ✅ Store API keys in environment variables
- ✅ Use different keys for test and production
- ✅ Rotate keys periodically
- ✅ Use HTTPS for all API requests
Don't
- ❌ Hardcode API keys in source code
- ❌ Commit API keys to version control
- ❌ Share API keys in public forums
- ❌ Use production keys in development
Environment Variables
Store your API key securely:
bash
# .env file (never commit this)
YUGO_API_KEY=your_api_key_herejavascript
// Node.js
const apiKey = process.env.YUGO_API_KEY;python
# Python
import os
api_key = os.environ.get('YUGO_API_KEY')Request Requirements
| Requirement | Details |
|---|---|
| Protocol | HTTPS only |
| Header | x-api-key: YOUR_API_KEY |
| Content-Type | application/json for POST requests |
Authentication Errors
| Status Code | Meaning |
|---|---|
401 | Missing or invalid API key |
403 | API key doesn't have permission for this resource |
Rate Limiting
API requests are rate-limited to ensure fair usage. Contact Yugo for specific rate limit details for your account.