Authentication
All API requests must include your API key in the Authorization header:
Authorization: Bearer sk_live_YOUR_SECRET_KEYAPI key types
Section titled “API key types”| Key Type | Prefix | Use for |
|---|---|---|
| Secret Key | sk_live_ / sk_test_ | Server-to-server API calls. Never expose in client-side code. |
| Public Key | pub_live_ / pub_test_ | Embedded / client-side integrations only. Limited permissions. |
Obtaining your keys
Section titled “Obtaining your keys”Your API keys are available in the TurnStay Dashboard under Settings > API Keys.
Your Account ID (an integer) is under Settings > Account. It’s required when creating payment intents.
Your secret key grants full API access. Never commit it to source control or include it in frontend code.
Making authenticated requests
Section titled “Making authenticated requests”Include the Authorization header in every request:
import requests
response = requests.post( "https://prod.turnstay.com/api/v1/payments/intent", headers={ "Authorization": "Bearer sk_live_YOUR_SECRET_KEY", "Content-Type": "application/json", }, json={ ... },)const response = await fetch("https://prod.turnstay.com/api/v1/payments/intent", { method: "POST", headers: { Authorization: "Bearer sk_live_YOUR_SECRET_KEY", "Content-Type": "application/json", }, body: JSON.stringify({ ... }),});