Skip to content


Sandbox Account

To test and integrate EveryPay products you need to create a Sandbox Account. After signing in, you can access your API Keys under the menu "Settings" > "API Keys"

With your Sandbox API Keys, you can use our API. The base URL is:


All requests to EveryPay API have to be authenticated and have to be made over HTTPS. Our API uses HTTP Basic Auth for authentication.

To authenticate you need to provide your API secret key, as username and leave the password blank. Some REST clients expect a username:password pair separated by a colon. Since there is no explicit password with the API key, it will need to be followed simply by a colon in those cases.

You can find you API keys in your account settings once you login to your account. Please keep your private keys secure and don’t pass them to anyone. These private keys have extreme secure information for handling the transactions of your account.

Authentication example:

    -u sk_PqSohnrYrRI1GUKOZvDkK5VVWAhnlU3R: \
    -d key1=value1
    -d key2=value2

// Set your private key

$payment = Payment::create(array(
    // parameters key =>  value

Note that in the case of API calls with curl, the semicolon is not part of the key, but is given as a separator between the username (key) and the password (blank).


  • Please keep your private keys safe and do not share them with anyone. These private keys carry extremely confidential information about your account and your transactions.
  • Due to the security of the transactions, all requests for your transactions must be made via https. Applications made in any other way will fail.
  • The tokens, IDs, cards, payments, customers, etc., as well as the public and private keys shown in the examples, are random and have no real impact.

Response codes

The JSON object of the service response contains, in the event of an error, some fields that characterize the transaction:

  • the status field that matches the HTTP status code
  • the code field, which is unique to the result of the request
  • the message field that directly explains the state in which the transaction was found

Example of an error response:

    "error": {
        "status": 400,
        "code": 20008,
        "message": "Insufficient funds"

API Keys

Each merchant account uses a pair of a public and a private key. In more specific cases, it uses a third public key called a shared key.

The Public Key is used to identify the company in calls through the through the EveryPay Button. The only function that can be performed with this key is the Token version.

The Private Key is used to perform all other types of API transactions, such as creating and listing payments, customers, and more. It is used within the code of your application, so, only your application should be aware of it.

The Shared Key is intended for use by potential partners of your company, who wish to execute transactions through your account for you. This key can only execute payment and pre-approved transactions.