Authentication
All EasySlip API requests require authentication using a Bearer token. This guide explains how to authenticate your API requests.
Getting Your API Key
- Log in to the EasySlip Developer Portal
- Navigate to your application dashboard
- Find your API Key in the credentials section
Using Your API Key
Include your API key in the Authorization header of every request:
Authorization: Bearer YOUR_API_KEYExample Request
curl -X GET https://api.easyslip.com/v2/info \
-H "Authorization: Bearer YOUR_API_KEY"API Key Format
EasySlip API keys are UUID v4 format strings:
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxExample: a1b2c3d4-e5f6-7890-abcd-ef1234567890
Security Best Practices
1. Never Expose Keys in Client-Side Code
// ❌ BAD - Don't do this
const API_KEY = 'your-api-key-here';
// ✅ GOOD - Use environment variables
const API_KEY = process.env.EASYSLIP_API_KEY;2. Use Environment Variables
EASYSLIP_API_KEY=your-api-key-hereimport 'dotenv/config';
const apiKey = process.env.EASYSLIP_API_KEY;$apiKey = getenv('EASYSLIP_API_KEY');
// or
$apiKey = $_ENV['EASYSLIP_API_KEY'];import os
api_key = os.environ.get('EASYSLIP_API_KEY')3. Use Server-Side Requests Only
Always make API requests from your server, never from client-side JavaScript:
// ❌ BAD - Client-side request exposes your API key
fetch('https://api.easyslip.com/v2/verify/bank', {
headers: { 'Authorization': 'Bearer YOUR_API_KEY' }
});
// ✅ GOOD - Make request through your own server
fetch('/api/verify-slip', {
method: 'POST',
body: JSON.stringify({ image: slipImage })
});4. IP Whitelisting
Configure IP whitelisting in the developer portal to restrict API access to specific IP addresses:
- Go to Application Settings
- Add your server's IP addresses to the whitelist
- Use
*to allow all IPs (not recommended for production)
Authentication Errors
Missing API Key (401)
{
"success": false,
"error": {
"code": "MISSING_API_KEY",
"message": "Authorization header is required"
}
}Solution: Include the Authorization: Bearer YOUR_API_KEY header.
Invalid API Key (401)
{
"success": false,
"error": {
"code": "INVALID_API_KEY",
"message": "The provided API key is invalid"
}
}Solution: Check that your API key is correct and hasn't been revoked.
IP Not Allowed (403)
{
"success": false,
"error": {
"code": "IP_NOT_ALLOWED",
"message": "Your IP address is not in the allowed list"
}
}Solution: Add your server's IP to the whitelist in the developer portal.
Branch Inactive (403)
{
"success": false,
"error": {
"code": "BRANCH_INACTIVE",
"message": "This API branch has been deactivated"
}
}Solution: Reactivate your branch in the developer portal or contact support.
Quota Exceeded (403)
{
"success": false,
"error": {
"code": "QUOTA_EXCEEDED",
"message": "Your API quota has been exceeded"
}
}Solution: Upgrade your plan or wait for quota reset.
Rate Limiting
API requests are subject to rate limiting based on your plan:
| Plan | Requests/Month |
|---|---|
| Trial | 100 |
| Basic | 5,000 |
| Pro | 35,000 |
| Enterprise | Custom |
When you exceed your quota, you'll receive a QUOTA_EXCEEDED error.
Multi-Branch Support (v2)
API v2 supports multiple branches per application, each with its own API key:
- Main Branch: Primary API key with full quota
- Sub-Branches: Additional keys with separate quota tracking
This allows you to:
- Track usage per integration point
- Apply different IP restrictions per branch
- Manage quota allocation across teams
Next Steps
- Version Comparison - Compare API versions
- API v2 Reference - Explore v2 endpoints
- Error Codes - Full error code reference