Authentication

API Authentication

MyBerryFlow uses API keys to authenticate requests. You can get your API keys from your dashboard and use them to access the API from your server or client applications.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so on.

API Key Types

MyBerryFlow provides two types of API keys:


  • Publishable keys (pk_test_... or pk_live_...) - Safe to use in client-side code
  • Secret keys (sk_test_... or sk_live_...) - Must be kept secure on your server

Test vs Live Keys


  • Test keys (pk_test_..., sk_test_...) - For development and testing
  • Live keys (pk_live_..., sk_live_...) - For production use

Authentication Methods


Bearer Token Authentication

Include your API key in the Authorization header:

Authorization
Bearer Token
Authorization: Bearer sk_test_1234567890abcdef

Example Request

cURL
Example API Call
curl -X GET https://api.myberryflow.com/v1/sellers \
  -H "Authorization: Bearer sk_test_1234567890abcdef" \
  -H "Content-Type: application/json"

Security Best Practices


Keep Secret Keys Secure


  • Store secret keys in environment variables
  • Never commit secret keys to version control
  • Use different keys for different environments
  • Rotate keys regularly

Environment Variables Example

.env
MYBERRYFLOW_SECRET_KEY=sk_test_1234567890abcdef
MYBERRYFLOW_PUBLISHABLE_KEY=pk_test_abcdef1234567890

Using in Code

Node.js Example
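// Read the secret key from the environment; never hard-code it.
const MYBERRYFLOW_SECRET_KEY = process.env.MYBERRYFLOW_SECRET_KEY;
if (!MYBERRYFLOW_SECRET_KEY) {
  // Fail early instead of sending "Bearer undefined".
  throw new Error('MYBERRYFLOW_SECRET_KEY is not set');
}

// Top-level await requires an ES module (or wrap this in an async function).
const response = await fetch('https://api.myberryflow.com/v1/sellers', {
  method: 'GET',
  headers: {
    'Authorization': `Bearer ${MYBERRYFLOW_SECRET_KEY}`,
    'Content-Type': 'application/json'
  }
});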
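A guard that enforces the key rules above before any request is sent, as an added example that is not MyBerryFlow's own code. It assumes a key is one of the documented prefixes followed by an alphanumeric suffix; `runtime` and `env` are hypothetical parameters of this example.

```javascript
// Added example: key-hygiene guard. Assumption: a key is a documented prefix
// (pk_/sk_ plus test_/live_) followed by a non-empty alphanumeric suffix.
const KEY_PATTERN = /^(pk|sk)_(test|live)_([A-Za-z0-9]+)$/;

// Split a key into its type and mode; returns null for anything malformed.
function classifyKey(key) {
  const m = typeof key === 'string' ? KEY_PATTERN.exec(key.trim()) : null;
  if (!m) return null;
  return { type: m[1] === 'sk' ? 'secret' : 'publishable', mode: m[2] };
}

// Safe form for logs and error messages: prefix plus, for long keys only,
// the last four characters.
function redactKey(key) {
  const m = KEY_PATTERN.exec(String(key).trim());
  if (!m) return '[unrecognized key]';
  const tail = m[3].length > 8 ? m[3].slice(-4) : '';
  return `${m[1]}_${m[2]}_...${tail}`;
}

// Throws if the key does not fit the place it is about to be used.
// runtime: 'server' | 'client'; env: 'production' or anything else (hypothetical).
function assertKeyAllowed(key, { runtime, env }) {
  const info = classifyKey(key);
  if (!info) throw new Error('API key is missing or malformed');
  if (info.type === 'secret' && runtime !== 'server') {
    throw new Error(`secret key ${redactKey(key)} must not be used in ${runtime} code`);
  }
  const expectedMode = env === 'production' ? 'live' : 'test';
  if (info.mode !== expectedMode) {
    throw new Error(`${info.mode} key ${redactKey(key)} used in ${env} environment`);
  }
  return info;
}

// Build request headers only after the key has passed the guard.
function authHeaders(key, context) {
  assertKeyAllowed(key, context);
  return { Authorization: `Bearer ${key.trim()}`, 'Content-Type': 'application/json' };
}
```

Error messages go through `redactKey`, so a rejected key never lands in logs in full.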

Error Responses

If authentication fails, you'll receive a 401 Unauthorized response:

Error Response
{
  "error": {
    "type": "authentication_error",
    "code": "invalid_api_key",
    "message": "Invalid API key provided"
  }
}

Rate Limiting


API requests are rate limited to prevent abuse:


  • Test environment: 100 requests per minute
  • Live environment: 1000 requests per minute

Rate limit headers are included in responses:

Rate Limit Headers
X-RateLimit-Limit: 1000
X-RateLimit-Remaining: 999
X-RateLimit-Reset: 1640995200