Api-Key header:
Test and live keys
Your account has two kinds of keys, one for each mode:
The key is the only thing that selects test or live. Both key types work against the same base URL and the same endpoints, and there is no test flag or mode parameter on any request.
Errors
Key safety
- Never expose keys in client-side code. All API calls should be made from your backend.
- Use test keys everywhere except production. Development, CI, and staging should use
wcp_test_keys. - Rotate compromised keys immediately from the dashboard.