Authentication

HanDl uses API keys to authenticate requests. You can manage keys from your dashboard at Settings → API.

Key Types

HanDl issues two types of keys per environment:

sk_live_...Secret Key

Full access to your account. Use server-side only. Never expose in client code, Git repos, or public channels.

pk_live_...Publishable Key

Limited read-only access. Safe for client-side use (storefront embeds, web chat widgets). Cannot create or modify resources.

🚨

Never share secret keys. If a secret key is compromised, revoke it immediately from Settings → API and generate a new one.

Using Your Key

Pass your API key in the Authorization header as a Bearer token:

curl

curl https://api.handl-ng.com/v1/orders \
  -H "Authorization: Bearer sk_live_your_secret_key"

javascript

const response = await fetch('https://api.handl-ng.com/v1/orders', {
  headers: {
    'Authorization': 'Bearer sk_live_your_secret_key',
  },
});

Test Mode

Use test keys (sk_test_...) during development. Test keys interact with a sandboxed environment — no real messages are sent and no charges are made.

text

# Test keys
sk_test_abc123...  → Secret (test)
pk_test_xyz789...  → Publishable (test)

# Live keys
sk_live_abc123...  → Secret (live)
pk_live_xyz789...  → Publishable (live)

💡

Switch between test and live mode from the toggle in Settings → API. Your test data is completely isolated from production.

Rate Limits

API requests are rate-limited per key:

Starter60 req/min

Growth300 req/min

EnterpriseCustom

When rate-limited, the API returns 429 Too Many Requests with a Retry-After header in seconds.