Security Scheme

In order to use Koin services, it is necessary to have a private key. Each client/store, only needs to have the private key to access all the services of our API: payments, antifraud, and BNPL. The private key will be provided by our team as part of the onboarding process.

To access Koin's API, the private key must be sent as an Authorization header, as follows:

Authorization: Bearer <private key>

Example:

curl --location --request POST 'https://api-sandbox.koin.com.br/v1/payment/payouts'
--header 'Authorization: Bearer sk_J8xT4nFgLdeu4CGKl10PxoZ34h4h31by'
--header 'Content-Type: application/json'
--data-raw '{ ... }'

The format of the private key is a string of length 32, made up of alphanumeric characters and taking into account upper and lower case letters, preceded by a fixed prefix "sk_".