Authentication

Every request must include an API key. We use HTTP Basic Auth in the Stripe style: your API key goes in the username field; the password is empty.

Header format

Authorization: Basic base64("<api-key>:")

Note the trailing colon — that's the empty password.

Examples

`curl`

curl -u handles the encoding for you:

curl -u 'dk_live_xxxxxxxxxxxxxxxxxxxxxxxx:' \
  https://partner-api.elivaas.com/api/ping

Raw header

echo -n 'dk_live_xxxxxxxxxxxxxxxxxxxxxxxx:' | base64
# → ZGtfbGl2ZV94eHh...

curl -H 'Authorization: Basic ZGtfbGl2ZV94eHh...' \
  https://partner-api.elivaas.com/api/ping

Node

const key = 'dk_live_xxxxxxxxxxxxxxxxxxxxxxxx';
const res = await fetch('https://partner-api.elivaas.com/api/ping', {
  headers: {
    Authorization: 'Basic ' + Buffer.from(key + ':').toString('base64'),
  },
});

Python

import requests

key = 'dk_live_xxxxxxxxxxxxxxxxxxxxxxxx'
res = requests.get(
    'https://partner-api.elivaas.com/api/ping',
    auth=(key, ''),
)

Key rotation

Keys are partner-scoped — the channel your rates are read against is bound to the partner that owns the key, not passed at request time.
We store SHA-256 of your key; we cannot recover a lost key. Contact us to issue a replacement, then revoke the old one.
Revoked keys return 401 Unauthorized immediately.

Verifying your key

GET /api/ping returns your partner id and the key prefix. Use it as a smoke test.

curl -u 'dk_live_xxxxxxxxxxxxxxxxxxxxxxxx:' https://partner-api.elivaas.com/api/ping
# {"partnerId":"prt_abc...","keyPrefix":"dk_live_abc","timestamp":"2026-05-26T10:00:00Z"}

Header format​

Examples​

curl​

Raw header​

Node​

Python​

Key rotation​

Verifying your key​