Production Base URL
Authentication
A secret key in the
Authorization: Bearer … header on every request. See Authentication.Base URLs
| Environment | Base URL | Key prefix |
|---|---|---|
| Production (live) | https://api.useduro.com | sk_live_… |
| Sandbox (test) | https://sandbox.useduro.com | sk_test_… |
Live and sandbox are separate hosts backed by physically separate database schemas — use the base URL that matches your key. A
sk_test_ key only works against sandbox.useduro.com and can never read or bill live data, so the sandbox is safe to experiment in. See Modes.Authentication
Every request must include your key as a bearer token:Conventions
Everything in this API follows the same rules:Money in minor units
Amounts are integer kobo.
500000 = ₦5,000.00. Currency is a sibling field, default NGN.Prefixed IDs
plan_…, cus_…, sub_…, inv_… — the prefix tells you the type at a glance.Cursor pagination
Keyset cursors, newest first. Page 500 costs the same as page 1. See Pagination.
Idempotent writes
Send an
Idempotency-Key to make any mutation safe to retry. See Idempotency.Two API surfaces
- Merchant API (
/v1) — server-to-server, authenticated with a secret key or OAuth token. Plans, customers, subscriptions, invoices, recovery, checkout sessions, analytics. (Webhook endpoints are configured in the dashboard; here you only receive deliveries — see the Webhooks tab.) - Customer API — browser- and SDK-facing endpoints for hosted checkout (
/checkout), WhatsApp identity (/identity), and the cross-merchant portal (/portal).