Authentication
Secure your API calls with proper authentication. This guide explains how to authenticate your requests to the MugglePay API.
Overview
All API calls to MugglePay require authentication using an API token. Keep your API token secure and never expose it in client-side code.
API Token Authentication
Getting Your API Token
Log in to the Merchant Portal
Navigate to the API section
Copy your unique API token
Using Your API Token
Include your API token in the token
header of all authenticated requests:
HTTP Header:
token: YOUR_API_TOKEN_HERE
Request Requirements
Content-Type Header
All POST requests must include the Content-Type: application/json
header:
Content-Type: application/json
Required vs Optional Fields
Required fields are marked with "Yes" in the API documentation
Optional fields can be omitted if not needed
Fields marked with (*) are required
Rate Limits
Free Plan Limits
Create Order API: 500 requests per hour per user ID
This limit applies to the
createOrder
(POST) API for merchantsIf you reach the limit, wait for the timer to reset in an hour
General API: 10,000 requests per hour per IP address
This applies to all APIs regardless of authentication requirements
Includes GetOrder, CreateOrder, Checkout, and other APIs
Increasing Limits
To increase your rate limits:
Create a ticket in the Help Center
Contact customer service through the chat widget
Provide details about your expected usage
Security Best Practices
✅ Do's
Store your API token securely on your server
Use HTTPS for all API calls
Rotate your API token periodically
Monitor your API usage for unusual activity
❌ Don'ts
Never expose your API token in client-side code
Don't commit API tokens to version control
Avoid sharing API tokens between different applications
Don't use the same token for development and production
Code Examples
cURL Example
curl -X POST \
https://api.mugglepay.com/v1/orders \
-H 'Content-Type: application/json' \
-H 'token: YOUR_API_TOKEN_HERE' \
-d '{
"merchant_order_id": "order_123",
"price_amount": 10.00,
"price_currency": "USD"
}'
JavaScript Example
const response = await fetch('https://api.mugglepay.com/v1/orders', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'token': 'YOUR_API_TOKEN_HERE'
},
body: JSON.stringify({
merchant_order_id: 'order_123',
price_amount: 10.00,
price_currency: 'USD'
})
});
Python Example
import requests
headers = {
'Content-Type': 'application/json',
'token': 'YOUR_API_TOKEN_HERE'
}
data = {
'merchant_order_id': 'order_123',
'price_amount': 10.00,
'price_currency': 'USD'
}
response = requests.post(
'https://api.mugglepay.com/v1/orders',
headers=headers,
json=data
)
Common Authentication Errors
UNAUTHORIZED
Invalid or missing API token
Check your API token and ensure it's included in the header
TOKEN_EXPIRED
API token has expired
Generate a new API token in the Merchant Portal
RATE_LIMIT_EXCEEDED
Too many requests
Wait for rate limit reset or contact support to increase limits
Related Documentation
Create Order API - Learn how to use authentication with order creation
Error Codes - Complete list of API error codes
Getting Started - Step-by-step integration guide
Next Steps
Test your authentication by making a simple API call
Review the Create Order API to see authentication in action
Set up error handling for authentication failures
Monitor your API usage to stay within rate limits
Last updated