API Authentication

Most APIs in this integration require authentication. The only exception is the /orders/pay API, which does not require any authentication and can be safely done from the browser as well.

Standard authentication

  • The standard authentication uses two specific headers x-client-id and x-client-secret. Please pass your appId and secretKey in these fields. (see screenshot below to access these from dashboard)
  • Please ensure that your secret key is securely placed and cannot be accessed by anyone.
  • Also never call any API which requires authentication from the client as that would require you to expose the secret key to the client.

Below is a curl request which shows how to pass these headers in the API call.

curl --request {REQUEST-TYPE} \
  --url https://sandbox.cashfree.com/pg/{resource} \
  --header 'Content-Type: application/json' \
  --header 'x-api-version: <<x-api-version>>' \
  --header 'x-client-id: <YOUR_APP_ID>' \
  --header 'x-client-secret: <YOUR_SECRET_KEY>'

Login to the merchant dashboard and visit the developers section to access your appId and secret key.