> ## Documentation Index
> Fetch the complete documentation index at: https://docs.useduro.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction

> Base URLs, authentication, and the conventions every endpoint shares.

The Duro public API is a JSON-over-HTTPS REST API. Every endpoint in this reference has an **interactive playground** — set your key once and fire a real request from the page.

<CardGroup cols={2}>
  <Card title="Production Base URL" icon="globe">
    ```
    https://api.useduro.com
    ```
  </Card>

  <Card title="Authentication" icon="key">
    A secret key in the `Authorization: Bearer …` header on every request. See [Authentication](/api-reference/authentication).
  </Card>
</CardGroup>

## Base URLs

| Environment           | Base URL                      | Key prefix  |
| --------------------- | ----------------------------- | ----------- |
| **Production** (live) | `https://api.useduro.com`     | `sk_live_…` |
| **Sandbox** (test)    | `https://sandbox.useduro.com` | `sk_test_…` |

<Info>
  Live and sandbox are **separate hosts** backed by physically separate database schemas — use the base URL that matches your key. A `sk_test_` key only works against `sandbox.useduro.com` and can never read or bill live data, so the sandbox is safe to experiment in. See [Modes](/api-reference/modes).
</Info>

## Authentication

Every request must include your key as a bearer token:

```bash theme={null}
curl https://api.useduro.com/v1/plans \
  -H "Authorization: Bearer sk_test_•••••••••••••••••"
```

Keys are minted in the dashboard under **Developers → API keys** and are hashed at rest — Duro shows a key once, at creation. Full details, plus OAuth and customer identity tokens, are in [Authentication](/api-reference/authentication).

## Conventions

Everything in this API follows the same rules:

<CardGroup cols={2}>
  <Card title="Money in minor units" icon="coins">
    Amounts are integer kobo. `500000` = ₦5,000.00. Currency is a sibling field, default `NGN`.
  </Card>

  <Card title="Prefixed IDs" icon="tag">
    `plan_…`, `cus_…`, `sub_…`, `inv_…` — the prefix tells you the type at a glance.
  </Card>

  <Card title="Cursor pagination" icon="arrow-right">
    Keyset cursors, newest first. Page 500 costs the same as page 1. See [Pagination](/api-reference/pagination).
  </Card>

  <Card title="Idempotent writes" icon="rotate">
    Send an `Idempotency-Key` to make any mutation safe to retry. See [Idempotency](/api-reference/idempotency).
  </Card>
</CardGroup>

## Two API surfaces

* **Merchant API (`/v1`)** — server-to-server, authenticated with a secret key or OAuth token. Plans, customers, subscriptions, invoices, recovery, checkout sessions, analytics. (Webhook **endpoints** are configured in the dashboard; here you only *receive* deliveries — see the [Webhooks](/webhooks/delivery) tab.)
* **Customer API** — browser- and SDK-facing endpoints for hosted checkout (`/checkout`), WhatsApp identity (`/identity`), and the cross-merchant portal (`/portal`).
