Skip to content

Authentication

Every request to the Gravv API requires an Api-Key. After creating a Gravv account, we generate two pairs of API Keys for you:

  • a publishable Public Key
  • a server-side Secret Key

A separate key pair is provided for each environment Sandbox and Live modes.

To regenerate your API keys, click Rotate API Key in your Dashboard. Ensure you rotate your keys regularly to maintain security and prevent unauthorized access.

Keep your API keys secure and don't share them in GitHub repositories, client-side code, or any environment accessible to others.

Also, send all requests over HTTPS to protect sensitive data. Requests without valid authorization return a 401Unauthorized response.

Obtain and use your API Keys

To obtain your API Key, follow these steps:

  1. Sign in to your Gravv Dashboard with your registered business email address.
  2. Toggle Sandbox mode on for testing, or Production for live.
  3. Click Manage in the side navigation.
  4. Click Configure under the Manage section.
  5. Now click API keys, then click the copy button under Secret Key to copy your Secret Key, or under Public Key to copy your Public Key.
  6. Include the API Key in your request header:
curl -X POST https://api.gravv.xyz/v1/{endpoint} \
  -H "Api-Key: <Api Key>" \
  -H "Content-Type: application/json" \
  -d '{
    ...
  }'

Webhooks

For webhooks, you need to create them and generate their Secret Key:

  1. Follow steps 1 through 3 in Obtain your API Keys.
  2. Click Webhooks in the Dashboard.
  3. Click Create Webhook to open the form.
  4. Enter your webhook endpoint in the Webhook URL field.
  5. Click Generate to create your webhook Secret Key.

You can regenerate your Secret Key at any time by clicking Rotate API Key in your Dashboard.

For more information about webhooks, see Webhooks.