Slope's API uses HTTP Basic Access Authentication for all requests, with a public key (username) and secret key (password) pair. These values are passed via the HTTP header 'Authorization'. Example below:

curl --request GET \
--url '{{CUSTOMER_ID}}' \
--header 'Authorization: Basic {{BASE_64_ENCODED_USER_AND_PASS}}'
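
Added example (not Slope's own code): a server-side shell helper that builds the Basic credential from the key pair and passes the header to curl on stdin, so the secret key stays out of the process argument list. The function names and the SLOPE_PUBLIC_KEY / SLOPE_SECRET_KEY environment variables are assumptions; the endpoint URL is supplied by the caller.

```shell
#!/bin/sh
# Added example: helper names and the SLOPE_* variable names are assumptions.

# Build the Basic credential: base64("<public key>:<secret key>").
slope_basic_credential() {
    pub=$1
    sec=$2
    # Refuse empty keys: an unset variable would otherwise send base64(":").
    if [ -z "$pub" ] || [ -z "$sec" ]; then
        echo "slope: public and secret key are both required" >&2
        return 1
    fi
    # RFC 7617: the user-id must not contain a colon (the password may).
    case $pub in
        *:*) echo "slope: public key must not contain ':'" >&2; return 1 ;;
    esac
    # printf adds no trailing newline (echo would, and it would be encoded);
    # tr removes the line wrapping GNU base64 applies to long input.
    printf '%s:%s' "$pub" "$sec" | base64 | tr -d '\n'
}

# Server-side GET. The header is passed to curl on stdin (--config -) so the
# secret key never appears in the process argument list.
slope_get() {
    url=$1   # endpoint URL supplied by the caller
    cred=$(slope_basic_credential "$SLOPE_PUBLIC_KEY" "$SLOPE_SECRET_KEY") || return 1
    printf 'header = "Authorization: Basic %s"\n' "$cred" |
        curl --silent --show-error --fail --request GET --config - --url "$url"
}

# Demo with constructed keys (not real credentials).
slope_basic_credential 'pk_constructed' 'sk_constructed' && echo
```

Load the two variables from the server's secret store or environment at run time rather than writing them into the script.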

Environments and Types

Developers are given separate keys for production and sandbox environments. Keys for each environment can only be used for their respective endpoints.

There are also two types of API keys: public and secret.

  • Public API keys identify the developer and are not sensitive. They are meant to be used by end clients such as mobile apps or web browsers.
  • Secret API keys are confidential and should never be exposed to customers. They are used to manage sensitive data such as customers' personally identifiable information (PII), payment information, order information, payout information, and more.


Don't expose secrets to client apps

Slope's payment integration flow requires requests to be made from your servers to ensure information such as the order total can be trusted. Never use your secret keys in any of your client applications (web, mobile, etc.).

Each account has a total of four keys: a public and secret key pair for sandbox and production environments.