Authentication
Every request requires an API key in the Authorization header.
Authorization: Bearer qk_live_...
Key types
qk_live_... keys hit production ledgers. Real money.
qk_test_... keys hit sandbox ledgers. Safe to experiment. Same API, separate data.
Every response includes a mode header so your application knows which environment it's in.
X-Quda-Mode: live
Key format
Keys are 72 characters. The prefix tells you the type.
qk_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6
qk_test_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6
Alternative header
You can also pass the key via X-API-Key.
X-API-Key: qk_live_...
Errors
| Status | Type | Meaning |
|---|---|---|
| 401 | invalid_api_key | Key not found or malformed |
| 401 | api_key_expired | Key has passed its expiration date |
| 401 | api_key_revoked | Key was revoked |