Authentication

All API requests must be authenticated using your API key, sent via the x-api-key header.

Getting your API keys

Sign in to your Merchant Dashboard
Navigate to the API Keys section
Copy your API Key and Public Key

You will have separate keys for sandbox and production environments. Use sandbox keys during development and switch to production keys when you’re ready to go live.

Keep your keys safe. API keys carry many privileges. Do not share them in public repositories, client-side code, or any publicly accessible location.

Making authenticated requests

Include your API key in every request using the x-api-key header:

curl -X GET "https://api-dev.usenumero.com/numeroaccount/api/v1/business/balance" \
  -H "x-api-key: your_api_key_here"

Request signing

Most POST endpoints require a request signature in addition to your API key. The signature is sent via the x-signature-key header. This provides an extra layer of security by ensuring the request body hasn’t been tampered with in transit. See Request Signing for full details on how to generate signatures.

Summary

Header	Required	Description
`x-api-key`	All requests	Your merchant API key
`x-signature-key`	POST requests (most)	HMAC-SHA256 signature of the request body

IP Whitelisting (Optional)

For additional security, you can restrict API access to specific IP addresses from your Merchant Dashboard. When enabled, requests from non-whitelisted IPs will be rejected. Both IPv4, IPv6, and CIDR notation (e.g., 192.168.1.0/24) are supported.

Overview Request Signing

⌘I

​Getting your API keys

​Making authenticated requests

​Request signing

​Summary

​IP Whitelisting (Optional)

Getting your API keys

Making authenticated requests

Request signing

Summary

IP Whitelisting (Optional)