Skip to main content

Overview

Commerce APIs power product search, carts, checkout invoicing, order tracking, and commerce payment status. Use these endpoints from your server when you need real-world purchase flows.

Authentication

Commerce APIs use a commerce-scoped API key:
  • Header: x-commerce-api-key: <commerce_key>
  • Keys are created in the Pepay Dashboard: https://pepay.io/sign-in
  • Keep keys server-side; never embed them in browser or mobile apps. Key management (create/list/revoke) is handled in the dashboard and is not part of the public API reference.

Typical flow

  1. Search inventory → 2) Build a cart → 3) Create a checkout invoice → 4) Track orders → 5) Poll payments.
  • Merchant APIs use x-api-key for invoices, tokens, settlement, and events.
  • Payor APIs use session headers (x-session-token, x-signature) for checkout UIs.

Request

Use a commerce API key in the request header: 
curl "https://api-beta.pepay.io/api/commerce/search?q=shirt&limit=5" \
  -H "x-commerce-api-key: ck_live_..."

Response

{
  "ok": true,
  "data": []
}

Errors

  • 401 missing or invalid x-commerce-api-key
  • 403 key exists but lacks required scope
  • 429 rate-limit applied for burst traffic

Examples

  • Keep commerce keys server-side and proxy frontend requests through your backend.
Next: Commerce overview