Skip to main content

Authentication

The Stable Genius API uses API keys for authentication. Include your key in the Authorization header of every request. 
Authorization: Bearer sk_test_abc123

API Key Types

Key PrefixEnvironmentDescription
sk_test_SandboxTest payments on Base Sepolia testnet. No real money moves.
sk_live_ProductionReal USDC payments on Base mainnet.
Never expose your API keys in client-side code. API keys should only be used in server-to-server requests. If a key is compromised, revoke it immediately from the dashboard.

Getting Your API Keys

The Stable Genius API is currently in private beta. Request early access to receive your API keys.
Once approved, you can manage API keys from the developer dashboard:
  1. Navigate to Settings → API Keys
  2. Click Create API Key
  3. Copy the key immediately — it’s only shown once
  4. Store it securely (environment variables, secrets manager)

Key Permissions

Each API key has access to all merchants associated with the integrator’s account. A single key can create payment intents for multiple merchants.

Key Rotation

To rotate a key without downtime:
  1. Create a new API key in the dashboard
  2. Update your integration to use the new key
  3. Verify requests succeed with the new key
  4. Revoke the old key
Both keys work simultaneously until you revoke the old one.

Security Best Practices

  • Store keys in environment variables or a secrets manager (never hardcode)
  • Use sk_test_ keys during development and CI/CD
  • Rotate keys quarterly or immediately if compromised
  • Use webhook signatures to verify events are from Stable Genius (see Webhook Security)
  • Restrict server egress to allow only api.stablegenius.co if possible