Skip to Content
Authentication

Authentication

Learn how to securely connect to the Orca API

API Keys

Authenticate all API requests using your API key:

Authorization: Bearer YOUR_API_KEY

To obtain API keys, contact security@orca-fraud.com or consult your Integration Guide.

Orca has a Sandbox environment which should be used during integration and then can be used for ongoing end to end testing at no cost. Once the Sandbox integration is complete, Orca will share the Production credentials. Note than Sandbox and Production integrations will require different API keys.

If an API key is invalid or expired, you will receive a 401 Unauthorized response:

{
  "error": "unauthorized",
  "message": "Invalid or expired API key",
  "status": 401
}

API Key Best Practice

  • Use HTTPS for all API requests
  • Don’t embed API keys directly in code
  • Don’t log API keys in application logs
Last updated on
Getting StartedError Reference