Authentication

How to connect to Catch's services.

Credentials

Catch assigns each merchant unique Public and Private API keys.

❗️

Private key values are highly sensitive. They should be stored securely within your systems and otherwise not shared or made accessible to any person or system.

Client-Side API Authentication

Providing your Public API key identifies your merchant account to Catch so that your account configuration is applied when Catch responds to your request.

Server-Side API Authentication

All server-side requests must provide valid authentication credentials in their request headers. Server-side API requests require both a valid Public API key and corresponding Private API key.

Catch's e-commerce platform partners must securely access this data and exclusively use each merchant’s particular keys when performing requests on their behalf.

The keys should be handed in as headers to the request:

Header nameValue
public-key<public_key_value>
x-api-key<secret_key_value>

Environments

Catch supports two integration environments: (1) sandbox and (2) live:

Integration Environment Type<environment> valueDescription
Sandboxapi-sandboxSandbox should be used to test around and build your integration in a development environment before you are ready to go live in production. It will not affect critical data and charge, place, or fulfill any real orders. For details on Sandbox testing credentials, see Sandbox Testing.
LiveapiLive should be used as the real product that customers will see when they go to your website. The live environment moves real money among consumers, Catch, and merchants.

Catch will provide you with separate API key pairs for use in the sandbox and live environments.

🚧

Never make API requests from your live, public site to Catch’s sandbox environment; these requests will not move money. All live site traffic must use Catch’s live environment.

Sandbox Base URL

https://api-sandbox.getcatch.com/v1/

Live Production Base URL

https://api.getcatch.com/v1/