Volley

Authentication

Learn how to securely authenticate requests from your service to the Volley API using API keys.

Authentication

API keys

All requests to the Volley API must be authenticated using an API key which you can generate yourself in the Volley dashboard.

Volley uses two types of API key: test and live:

  • Test keys: limit any payments to Volley’s test bank account only. Test keys are appropriate for use in staging and development environments.
  • Live keys: allow your customers to pay into to your bank account with their real banking app. Use these only in production.
authkey_test_VeBI3n7J:MdLftNqgKsPK9NOgo418CDvZ
authkey_live_VeBI3n7J:MdLftNqgKsPK9NOgo418CDvZ

Keep your keys secret

API keys are secret credentials that grant access to your account's resources. They should only be used in a secure server-side environment, never exposed or embedded in client-side code or committed to public repositories.

Authenticating requests

Include your key as a Bearer token in the Authorization header of each request.

Authorization: Bearer ${VOLLEY_API_KEY}

Revoking a key

You can revoke keys at any time in the Volley dashboard, revocation will be effective immediately.

On this page