API keys

When you create a Recital account, you’re given an API key. This can be found in Settings > API.

'Authorization': 'Bearer <api-key>'

Test Mode vs Live Mode

There are two “modes” of operation for your Recital account:

Live Mode: Real money, real transactions, real effects. Only switch to this after you’ve tested your integration thoroughly.

Test Mode: No real money is involved. Only our test cards and bank accounts can be used. We’ll still send webhooks and email notifications, and most of the API functions the same.

You can easily switch between Live and Test modes with the toggle button at the top right of the dashboard home page. When you switch between modes, we’ll also switch the API keys shown.

Don’t take any chances

If you think your keys may have been compromised (for instance, you accidentally committed them to Git), you should immediately generate new ones using the Generate new keys button on the Settings > API page on your dashboard.

This will invalidate all existing keys and give you a new set, and you can then update your app to use the new ones.

Authorizing API calls

All API calls on Recital are authenticated. API requests made without authorization will fail with the status code 401: Unauthorized.

Your API key can perform any action on your Recital account without restriction. It should be kept confidential and only stored on your servers, preferably as an environment variable.

It should not be included in your Git repository or front-end JavaScript code.

To authorize API calls from your server, pass your secret key as a bearer token. This means passing an Authorization header with a value of “Bearer YOUR_SECRET_KEY”.

For example, an API call could look like this in Node.js:

import got from "got";

// The key is read from the environment at call time, never hard-coded.
const response = await got.post("https://api.recital.finance/v1/transactions", {
    headers: {
        Authorization: `Bearer ${process.env.API_KEY}`
    },
    json: {
        // Your payload
    }
});
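
The following is an added example, not part of Recital's own documentation or SDK. It wraps the call above so that a missing or malformed key fails before any request is sent, and a rejected key is reported without writing the secret to logs. The helper names are hypothetical, and it assumes Node 18+ (built-in fetch), the API_KEY environment variable used above, and a JSON response body.

```javascript
// Added example: loadApiKey, authHeaders, redact and postTransaction are hypothetical names.

// Read the key from the environment and fail closed if it is absent or malformed.
function loadApiKey(env = process.env) {
  const key = (env.API_KEY || "").trim();
  if (!key) throw new Error("API_KEY is not set; refusing to send an unauthenticated request");
  // Catch a common misconfiguration: the scheme pasted into the variable itself.
  if (/^bearer\b/i.test(key) || /\s/.test(key)) {
    throw new Error("API_KEY must hold the raw key only, without 'Bearer' or whitespace");
  }
  return key;
}

// Header value is the scheme, one space, then the key (no colon after "Bearer").
function authHeaders(env = process.env) {
  return { Authorization: `Bearer ${loadApiKey(env)}` };
}

// Safe form of the key for logs and error messages: last 4 characters only.
function redact(key) {
  return key.length > 8 ? `****${key.slice(-4)}` : "****";
}

// POST to the transactions endpoint shown above using the built-in fetch.
async function postTransaction(payload, env = process.env) {
  const res = await fetch("https://api.recital.finance/v1/transactions", {
    method: "POST",
    headers: { ...authHeaders(env), "Content-Type": "application/json" },
    body: JSON.stringify(payload),
  });
  if (res.status === 401) {
    // Identify the rejected key without logging it; a Test Mode key used against
    // Live Mode data, or a key invalidated by regeneration, would end up here.
    throw new Error(`401 Unauthorized for key ${redact(loadApiKey(env))}; check mode and rotation`);
  }
  return res.json(); // Assumption: the API responds with a JSON body.
}
```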