The Gigapay API uses API keys to identify and authenticate requests. You can request keys by contacting us at [email protected]. Note that you will receive separate sets of keys for the live and demo environment.

Your API keys carry many privileges, so be make sure you keep them secure. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, etc.

Authorization to the API is performed through a token-based HTTP Authentication scheme. To authorize requests, include the Authorization and Integration-ID HTTP header. Note that the authentication key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

curl \
-H "Authorization: Token 1vjv20ksxwvlpp3peize74ievjmx3e" \
-H "Integration-ID: 650fd73ff5"

API requests without authentication will fail with the HTTP response code 403. API calls made over plain HTTP instead of HTTPS will also be rejected with the response code 301.


The Gigapay API Supports IP-whitelisting. When requesting API-keys, let us know which IP:s you would like to restrict access. If IP-whitelisting is enabled, API requests made from a non-whitelisted IP will be rejected with HTTP response code 403.


The default language of the API is Swedish in Sweden and English in Finland. This document is written assuming you have the language set to English. To change language set the Accept-Language header to your prefered language. For example:

curl \
-H "Accept-Language: en"