Authentication
The Khaime Partner API uses API key authentication via the X-API-Key header.
API Key Types
| Type | Prefix | Use |
|---|---|---|
| Sandbox | pk_sandbox_ | Testing — no real charges |
| Live | pk_live_ | Production — real payments |
Creating API Keys
- Log in to app.khaime.com
- Go to Settings → API & Integrations
- Click Create API Key
- Select environment (Sandbox or Live)
- Copy the key — it’s shown only once
Using Your Key
Include the key in every request:
```bash
curl -H "X-API-Key: pk_sandbox_bff301298a..." \
  -H "Content-Type: application/json" \
  https://api.khaime.com/api/v1/partner/products
```
Key Management
Programmatic Key Management
| Method | Endpoint | Description |
|---|---|---|
| POST | /create-api-key | Create new API key |
| GET | /api-keys | List all keys |
| DELETE | /api-keys/:id | Revoke a key |
| PUT | /api-keys/:id/toggle-status | Enable/disable key |
| PUT | /api-keys/:id/webhook | Set webhook URL |
| POST | /api-keys/:id/regenerate-webhook-secret | Rotate webhook secret |
Key management endpoints require your user auth token (x-id-key header), not the API key itself.
These are typically called from your dashboard, not from integration code.
Security Best Practices
- Never expose API keys in client-side code or version control
- Use environment variables to store keys
- Use sandbox keys for development and testing
- Rotate keys periodically
- Revoke compromised keys immediately
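One way to apply the environment-variable and sandbox-first practices above in integration code. This is an added example, not code from Khaime. The variable names KHAIME_API_KEY and KHAIME_ENV, the helper names, and the key-body character set used for redaction are assumptions; only the prefixes and header names come from this page.

```python
import os
import re

# Prefixes come from the "API Key Types" table on this page.
PREFIXES = {"sandbox": "pk_sandbox_", "live": "pk_live_"}
# Assumption: these variable names are hypothetical, not defined by Khaime.
KEY_VAR = "KHAIME_API_KEY"
ENV_VAR = "KHAIME_ENV"


class KeyConfigError(RuntimeError):
    """Raised when the key is missing or does not match the target environment."""


def load_api_key(environ=os.environ):
    """Return (environment, key) after checking the key prefix against the environment."""
    env = environ.get(ENV_VAR, "sandbox").strip().lower()  # default to the safe side
    if env not in PREFIXES:
        raise KeyConfigError(f"{ENV_VAR} must be one of {sorted(PREFIXES)}")
    key = environ.get(KEY_VAR, "").strip()
    if not key:
        raise KeyConfigError(f"{KEY_VAR} is not set")
    if not key.startswith(PREFIXES[env]):
        # The error text names the expected prefix but never includes the key.
        raise KeyConfigError(f"{KEY_VAR} is not a {env} key (expected prefix {PREFIXES[env]})")
    return env, key


def redact(text):
    """Mask anything that looks like a partner key before it reaches logs."""
    # Assumption: key body is letters, digits, '_' or '-'; the page does not specify it.
    return re.sub(r"\b(pk_(?:sandbox|live)_)[A-Za-z0-9_-]+", r"\1[REDACTED]", text)


def auth_headers(key):
    """Headers used in this page's curl example."""
    return {"X-API-Key": key, "Content-Type": "application/json"}


if __name__ == "__main__":
    # Constructed sample environment; the key value is fake.
    sample = {KEY_VAR: "pk_sandbox_0000example0000", ENV_VAR: "sandbox"}
    env, key = load_api_key(sample)
    print(env, redact(str(auth_headers(key))))
```

A live key loaded while KHAIME_ENV is unset or set to sandbox fails at startup, so a production credential cannot silently end up in a development run.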