Authentication
Learn how to authenticate with the Velora API using API keys and secure headers.
🔑 API Credentials
Getting Your API Credentials
After signing up, you'll receive your API credentials:
API Key:Your unique client identifier
API Secret:Your secret key (keep it secure!)
🔐 Authentication Flow
Step 1: Login and Get Access Token
First, authenticate using your API credentials to receive an access token:
curl -X POST https://api.velora.io/v1/auth/login \
-H "Content-Type: application/json" \
-d '{
"apiKey": "your_api_key_here",
"apiSecret": "your_api_secret_here"
}'Response:
{
"success": true,
"messageError": null,
"data": {
"accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
}Step 2: Use Access Token in API Calls
Include the access token in the Authorization header for all subsequent API requests:
curl -X POST https://api.velora.io/wallet/cash-in?clientId=your_client_id \
-H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
-H "Content-Type: application/json" \
-d '{
"value": 5000,
"callbackUrl": "https://your-app.com/callback",
"payer": {
"name": "João Silva",
"email": "joao@example.com",
"document": "12345678901"
}
}'🛡️ Security Best Practices
✓
Never expose API keys in client-side code
Always make API calls from your backend server, never from browsers or mobile apps.
✓
Use HTTPS for all requests
All API requests must be made over HTTPS to ensure data encryption.
✓
Rotate keys regularly
Generate new API keys periodically and update your applications.
✓
Use different keys for different environments
Keep sandbox and production keys separate to avoid confusion.