Infracard

Authentication

Authenticate requests to the Infracard Merchant API

API Key Authentication

All API requests must include your API key in the x-api-key header.

GET/merchants/balance

Example authenticated request. All endpoints require the x-api-key header.

x-api-keyRequiredstring

Your merchant API key, passed as a request header

curl -X GET https://api.infracard.co/merchants/balance \
  -H "x-api-key: your-api-key"

Getting Your API Key

API keys are issued through the Infracard merchant dashboard. Each key is scoped to a single merchant account.

Security Best Practices

  • Never expose your API key in client-side code or public repositories
  • Rotate keys regularly through the merchant dashboard
  • Use environment variables to store keys in your application
  • Restrict access to the key within your organization

Request Format

All requests must:

  1. Use HTTPS (HTTP requests are rejected)
  2. Include the x-api-key header
  3. Set Content-Type: application/json for request bodies
const response = await fetch('https://api.infracard.co/merchants/balance', {
  headers: {
    'x-api-key': process.env.INFRACARD_API_KEY!,
    'Content-Type': 'application/json',
  },
})

Unauthorized Responses

Requests without a valid API key return a 401 Unauthorized response:

{
  "statusCode": 401,
  "message": "Unauthorized"
}

Getting Started

Start building with the Infracard Merchant API

Webhooks

Receive real-time notifications for card events

On this page

API Key AuthenticationGetting Your API KeySecurity Best PracticesRequest FormatUnauthorized Responses