Skip to main content

API Keys

All merchant API calls require a Bearer API key in the Authorization header.
Authorization: Bearer sk_test_xxxxxxxxxxxxxxxxxxxx
API keys are created from the Ababil Dashboard → API Keys.
PrefixEnvironmentBase URL
sk_test_...Testnet v1https://testnetv1.ababilpay.xyz
Keep keys server-side. Merchant API keys must never be exposed in browser or mobile client code. For browser-initiated flows, use the Hosted Gateway or issue short-lived tokens from your backend.

Rate Limiting

The API enforces a limit of 60 requests per minute per API key. Every response includes the following rate limit headers:
HeaderDescription
X-RateLimit-RemainingRequests remaining in the current window
X-RateLimit-ResetUnix timestamp (seconds) when the window resets
When the limit is exceeded, the API returns HTTP 429 with error code RATE_LIMITED. Wait until X-RateLimit-Reset before retrying — do not retry immediately in a loop.