Authentication

The Sphere API uses Bearer Authentication and API keys to authenticate your requests.

API Keys

You can view and manage your API Keys in the Sphere Dashboard. Each Sphere account can have up to 10 API keys.

Terminology: Account = Application

In Sphere, we use the term "application" to refer to what is commonly known as an "account" on other platforms. When you sign up, you're creating an application. As you use the Sphere dashboard or API, you might see terms like application and applicationId. Recognizing that "application" is equivalent to "account" in our platform will help you navigate and integrate with Sphere more easily.

API keys carry unrestricted access to your application and must be kept secret. If you think an API key may be compromised, it’s best to roll it immediately. As a best practice, we recommend rotating your API keys once per quarter.

To authenticate your requests, you need to include an access token in the Authorization header of your HTTP request.

All requests require an API key and use of HTTPS. Calls made over plain HTTP will error.

Authorization Header

-H Authorization: Bearer secret_64db7acf5bbb434aa0a04d82e90b4c99

Sample Request

The following is an example curl request to list all customers with an API Key bearer token:

Sample Authenticated Request

curl https://api.spherepay.co/v1/customer \
  -X GET \
  -H "Authorization: Bearer secret_64db7acf5bbb434aa0a04d82e90b4c99"

Was this page helpful?