API Keys
Every request to the Settlx API must include your API key in the Authorization header.
Authorization: Bearer pgk_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
API keys are sensitive credentials. Never expose them in frontend code, mobile apps, or public repositories. All requests must originate from your backend server.
Getting Your API Key
- Log in to your Settlx dashboard
- Go to Settings → API Keys
- Click Create New Key
- Copy the key immediately — it is only shown once
All production API keys begin with the prefix pgk_live_.
Example Request
curl -X POST https://api.settlx.io/api/v1/invoices \
-H "Authorization: Bearer pgk_live_xxxxxxxx" \
-H "Content-Type: application/json" \
-d '{"amount": "100.00", "currency": "USDT"}'
Authentication Errors
| Status | Message | Reason |
|---|---|---|
| 401 | Missing or invalid Authorization header | Header not provided or not in Bearer <key> format |
| 401 | Invalid API key | Key not found or has been revoked |
| 401 | API key has expired | Key passed its expiry date |
| 403 | Merchant account is not active | Account is suspended or pending review |
Rate Limits
Requests are rate limited based on your account tier.
| Tier | Read requests | Write requests |
|---|---|---|
| Free | 60 / minute | 30 / minute |
| Pro | 300 / minute | 150 / minute |
Every response includes rate limit headers:
X-RateLimit-Limit: 30
X-RateLimit-Remaining: 28
X-RateLimit-Reset: 1744329600
When you exceed the limit, the API returns 429 Too Many Requests with a retryAfter value in seconds.
Best Practices
- Store your API key in an environment variable; never hardcode it
- Rotate your key periodically from the dashboard
- Immediately revoke any key you suspect has been compromised
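The following backend helper is an added example, not code from Settlx: it loads the key from an environment variable, builds the Bearer header, redacts the key for logs, and decides how to react to the authentication and rate limit responses described above. The variable name SETTLX_API_KEY, the placement of retryAfter in the JSON error body, and the reading of X-RateLimit-Reset as a Unix timestamp in seconds are assumptions.

```python
import json
import os
import time

KEY_PREFIX = "pgk_live_"    # production key prefix stated on this page
ENV_VAR = "SETTLX_API_KEY"  # assumed variable name, not from the Settlx docs


def load_api_key(env=os.environ):
    """Read the key from the environment; fail closed if it is missing or malformed."""
    key = env.get(ENV_VAR, "").strip()
    if not key.startswith(KEY_PREFIX) or len(key) == len(KEY_PREFIX):
        raise RuntimeError(f"{ENV_VAR} is unset or does not start with {KEY_PREFIX}")
    return key


def auth_headers(key):
    """Headers for a JSON request, in the Bearer format the API expects."""
    return {"Authorization": f"Bearer {key}", "Content-Type": "application/json"}


def redact(key):
    """Log-safe form of a key: the prefix plus the last four characters only."""
    return f"{KEY_PREFIX}...{key[-4:]}"


def next_step(status, headers, body, now=None):
    """Return (action, wait_seconds) for a response: 'ok', 'retry' or 'fail'."""
    now = time.time() if now is None else now
    if status in (401, 403):
        return ("fail", 0.0)  # bad, revoked or expired key, or inactive account
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 429:
        try:  # assumption: retryAfter is a field of the JSON error body
            return ("retry", max(0.0, float(json.loads(body)["retryAfter"])))
        except (ValueError, KeyError, TypeError):
            pass
        try:  # assumption: X-RateLimit-Reset is a Unix timestamp in seconds
            return ("retry", max(0.0, float(hdrs["x-ratelimit-reset"]) - now))
        except (KeyError, ValueError):
            return ("retry", 1.0)  # conservative default when neither value parses
    if hdrs.get("x-ratelimit-remaining") == "0":
        try:  # budget spent: wait for the window to reset before the next call
            return ("ok", max(0.0, float(hdrs["x-ratelimit-reset"]) - now))
        except (KeyError, ValueError):
            pass
    return ("ok", 0.0)
```

A 401 or 403 is treated as terminal because retrying with the same key cannot succeed; log redact(key), never the key itself, when reporting it.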