Authentication Headers
All API requests must include the following headers:
| Header | Description | Example |
|---|---|---|
X-Api-Key | Your merchant API key | PSTG6ELOB2YXKO4ZHRQ6NKTSBY |
X-Timestamp | Millisecond-level timestamp (13 digits) | 1737554400000 |
X-Signature | HMAC-SHA256 signature (Base64 encoded) | abc123...xyz |
Content-Type | Request content type | application/json |
How to Get Your API Credentials
To access your API Key and API Secret:
Log into the Merchant Portal Visit https://merchant.paystablecoin.global and sign in with your merchant account credentials.
Navigate to API Settings In the navbar, find and click on the API Settings section.
View Your Credentials You will see two values displayed:
- API Key (e.g.,
PSTG6ELOB2YXKO4ZHRQ6NKTSBY) - API Secret (e.g.,
MpkvVlXvYTZVPPJ0LReNA-g_yC7V7foe4UAj7tgWJSM)
- API Key (e.g.,
SAVE YOUR CREDENTIALS
Copy and securely store both your API Key and API Secret in a safe location (e.g., password manager or secure environment variables). You'll need these for all API integrations.
Understanding Your API Credentials
When you register as a merchant, you will receive two types of credentials:
API Key (Access Key ID - AK)
- Purpose: Public access key used to identify your merchant account
- Usage: Include in the
X-Api-Keyheader of every API request - Security: Can be included in request headers, but should not be exposed publicly
- Example:
PSTG6ELOB2YXKO4ZHRQ6NKTSBY
API Secret (Secret Access Key - SK)
- Purpose: Private key used to sign requests and ensure security and integrity
- Usage: Used to calculate the HMAC-SHA256 signature (never sent directly in requests)
- Security: Must be kept confidential - never expose in client-side code or public repositories
- Example:
MpkvVlXvYTZVPPJ0LReNA-g_yC7V7foe4UAj7tgWJSM
Merchant ID
- Purpose: Unique identifier for your merchant account, required in API endpoint URLs
- Usage: Used in API paths like
/api/v1/merchants/{merchantId}/orders - Example:
1000 - Important: Your Merchant ID is provided during the registration process. Save it immediately (like a seed phrase) as it will be needed for all API calls.
LOST YOUR MERCHANT ID?
If you didn't save your Merchant ID during registration, contact our business support team to recover it. We recommend storing it securely alongside your API credentials.
IMPORTANT
Never share or commit your API Secret! The API Secret is used to generate the signature but should never be transmitted directly in API requests. If your API Secret is compromised, contact support immediately to regenerate your credentials.
Using Example Values in Documentation
Throughout this documentation, you will see example credentials used in code samples:
- API Key:
PSTG6ELOB2YXKO4ZHRQ6NKTSBY - API Secret:
MpkvVlXvYTZVPPJ0LReNA-g_yC7V7foe4UAj7tgWJSM - Merchant ID:
1000
REPLACE EXAMPLE VALUES
These are placeholder values for demonstration only. You MUST replace them with your actual credentials:
- ❌
PSTG6ELOB2YXKO4ZHRQ6NKTSBY→ ✅ Your actual API Key from merchant portal - ❌
MpkvVlXvYTZVPPJ0LReNA-g_yC7V7foe4UAj7tgWJSM→ ✅ Your actual API Secret from merchant portal - ❌
1000→ ✅ Your actual Merchant ID from registration
Using example credentials will result in authentication failures.
Related Documentation
- Signature Algorithm - Learn how to calculate signatures
- Important Notes - Check timestamp and JSON format requirements