Dashboard

Authentication

Suggest Edits

This page presents how to access MoneyHash's APIs and consume our different API-based services.

How authentication works

The main authentication method in MoneyHash is the Server Side API keys, which are sent in each authenticated request header as X-Api-Key. This API key is used by MoneyHash to identify the following information:

  • The request authorization.
  • The Account linked with the request.
  • Tells MoneyHash if this request is related to the live or test environments.

Below, you find an example of a requisition and how you need to use the X-Api-Key:

curl --location --request POST 'https://web.moneyhash.io/api/v1.1/payments/intent/' \
--header 'X-Api-Key: <YOUR_API_KEY_HERE>' \
--header 'Content-Type: application/json' \
--data-raw '{"amount": 50, "amount_currency": "USD", "operation": "purchase"}'

import requests

api_url = 'https://web.moneyhash.io/api/v1.1/payments/intent/'
api_key = '<YOUR_API_KEY_HERE>'

data = {
    'amount': 50,
    'amount_currency': 'USD',
    'operation': 'purchase'
}

headers = {
    'X-Api-Key': api_key,
    'Content-Type': 'application/json'
}

response = requests.post(api_url, json=data, headers=headers)

print(response.json())


const apiKey = '<YOUR_API_KEY_HERE>';
const apiUrl = 'https://web.moneyhash.io/api/v1.1/payments/intent/';

const data = {
  amount: 50,
  amount_currency: 'USD',
  operation: 'purchase'
};

const headers = {
  'X-Api-Key': apiKey,
  'Content-Type': 'application/json'
};

fetch(apiUrl, {
  method: 'POST',
  headers: headers,
  body: JSON.stringify(data)
})
  .then(response => response.json())
  .then(data => {
    console.log('Response:', data);
  });

Secure your API Keys

API Keys are meant to be secret and you should not publish them. They should live on your backend server.

API Key types

Within the MoneyHash system, two distinct API Key types are employed, each with its specific function:

  • Organization API Key: This key is mostly used to create and list accounts within an organization. You can also use it to authenticate requisitions as the Account API Key, with a few distinct details. You will learn how this works below. If you are not familiar with MoneyHash's concept of an organization, please go to Organization & Account.
  • Account API Key: This key is designed for managing and listing all entities associated with an account, such as payment intents, providers, and transactions. If you are not familiar with MoneyHash's concept of an account, please go to Organization & Account.

Account API Key

Each MoneyHash account has an API key managed through MoneyHash dashboard. An account could have multiple API keys based on the use case. You also can revoke API keys in case they get compromised or if you wish to rotate your keys.

Creating an Account API Key

  1. Navigate to the Integrations tab in the dashboard.
  2. Access Account API Keys.
  3. Click on the "+" button and assign a name to this key.
  4. Choose the account to which this API Key will be linked.

Using the Account API Key

To authenticate your API request using your account API key, you need to do as shown below:

curl --location --request POST 'https://web.moneyhash.io/api/v1.1/payments/intent/' \
--header 'X-Api-Key: <YOUR_ACCOUNT_API_KEY_HERE>' \
--header 'Content-Type: application/json' \
--data-raw '{"amount": 50, "amount_currency": "USD", "operation": "purchase"}'

import requests

api_url = 'https://web.moneyhash.io/api/v1.1/payments/intent/'
api_key = '<YOUR_ACCOUNT_API_KEY_HERE>'

data = {
    'amount': 50,
    'amount_currency': 'USD',
    'operation': 'purchase'
}

headers = {
    'X-Api-Key': api_key,
    'Content-Type': 'application/json'
}

response = requests.post(api_url, json=data, headers=headers)

print(response.json())


const apiKey = '<YOUR_ACCOUNT_API_KEY_HERE>';
const apiUrl = 'https://web.moneyhash.io/api/v1.1/payments/intent/';

const data = {
  amount: 50,
  amount_currency: 'USD',
  operation: 'purchase'
};

const headers = {
  'X-Api-Key': apiKey,
  'Content-Type': 'application/json'
};

fetch(apiUrl, {
  method: 'POST',
  headers: headers,
  body: JSON.stringify(data)
})
  .then(response => response.json())
  .then(data => {
    console.log('Response:', data);
  });

Organization API key

Organization API keys can also be used to communicate with MoneyHash endpoints. Organization API keys are managed through MoneyHash dashboard. An organization can have multiple API keys. You can also revoke your API keys in case they get compromised or if you wish to rotate them.

Creating an Organization API Key

  1. Navigate to the Integrations tab in your Dashboard.
  2. Access Organization API Keys.
  3. Click on the "+" button and provide a name for this key.

Using the Organization API Key

You can use your Organization API Key instead of the Account API Key. In this case, the authentication will require additional information that, combined, will define the X-Api-Key sent on the request header. The X-Api-Key will be composed of three pieces of information described in the table below:

ItemDescription
organization API keysYour organization API key that you get from the MoneyHash dashboard.
account IdYour account id that you want to use while consuming MoneyHash endpoints.
is liveSpecifies if you are using the Live. Use true if you are operating in Live mode or false for Test mode.

Below, you find an example of how this information is used to build the X-Api-Key.

curl --location --request POST 'https://web.moneyhash.io/api/v1.1/payments/intent/' \
--header 'X-Api-Key: <YOUR_ORGANIZATION_API_KEY_HERE>,<ACCOUNT_ID>,<IS_LIVE>' \
--header 'Content-Type: application/json' \
--data-raw '{"amount": 50, "amount_currency": "USD", "operation": "purchase"}'

import requests

api_url = 'https://web.moneyhash.io/api/v1.1/payments/intent/'
api_key = '<YOUR_ORGANIZATION_API_KEY_HERE>,<ACCOUNT_ID>,<IS_LIVE>'

data = {
    'amount': 50,
    'amount_currency': 'USD',
    'operation': 'purchase'
}

headers = {
    'X-Api-Key': api_key,
    'Content-Type': 'application/json'
}

response = requests.post(api_url, json=data, headers=headers)

print(response.json())


const apiKey = '<YOUR_ORGANIZATION_API_KEY_HERE>,<ACCOUNT_ID>,<IS_LIVE>';
const apiUrl = 'https://web.moneyhash.io/api/v1.1/payments/intent/';

const data = {
  amount: 50,
  amount_currency: 'USD',
  operation: 'purchase'
};

const headers = {
  'X-Api-Key': apiKey,
  'Content-Type': 'application/json'
};

fetch(apiUrl, {
  method: 'POST',
  headers: headers,
  body: JSON.stringify(data)
})
  .then(response => response.json())
  .then(data => {
    console.log('Response:', data);
  });

The request would look like the following:

curl --location --request POST 'https://web.moneyhash.io/api/v1.1/payments/intent/' \
--header 'X-Api-Key: 2B2q65zNQok66oaacE7RtadsfFKJC8p5klB,A9eY6933,true' \
--header 'Content-Type: application/json' \
--data-raw '{"amount": 50, "amount_currency": "USD", "operation": "purchase"}'

import requests

api_url = 'https://web.moneyhash.io/api/v1.1/payments/intent/'
api_key = '2B2q65.zNQok66oaacE7RtadsfFKJC8p5klB,A9eY6933,true'

data = {
    'amount': 50,
    'amount_currency': 'USD',
    'operation': 'purchase'
}

headers = {
    'X-Api-Key': api_key,
    'Content-Type': 'application/json'
}

response = requests.post(api_url, json=data, headers=headers)

print(response.json())


const apiKey = '2B2q65.zNQok66oaacE7RtadsfFKJC8p5klB,A9eY6933,true';
const apiUrl = 'https://web.moneyhash.io/api/v1.1/payments/intent/';

const data = {
  amount: 50,
  amount_currency: 'USD',
  operation: 'purchase'
};

const headers = {
  'X-Api-Key': apiKey,
  'Content-Type': 'application/json'
};

fetch(apiUrl, {
  method: 'POST',
  headers: headers,
  body: JSON.stringify(data)
})
  .then(response => response.json())
  .then(data => {
    console.log('Response:', data);
  });

Dashboard mode

Pay attention to your dashboard mode. If you're in Test mode, any requests made to MoneyHash will not be sent outside of MoneyHash environment. While in Live mode, requests will reach to providers in case of payment or payout.

Revoking API Keys

Revoking API Key access is a security measure that disables these keys from making any new requests to MoneyHash APIs. This action can be particularly useful for retiring old or compromised keys. To revoke the access for one or more API Keys:

  1. Navigate to the Integrations tab in the dashboard.
  2. Access Account API Keys.
  3. Select the desired keys.
  4. Click Revoke Selected and then Revoke.

Any new request made using these revoked API Keys will fail.

Updated 5 months ago