Authentication
Use Bearer authentication when making requests to the Paddle API. Get a key from Paddle > Developer Tools > Authentication.
All requests to the Paddle API require authentication unless explicitly stated. The API uses Bearer authentication.
To authenticate, pass your Paddle API key using the Bearer
header. For example:
11Authorization: Bearer bb4e69088ea07a98a90565ac610c63654423f8f1e2d48b39b5
To avoid exposing your API key and other sensitive data, do not make requests to the Paddle API directly from your frontend. Build functionality into your backend to handle requests and serve just the information you need to your frontend.
Entities in the API have an
Access-Control-Allow-Origin
header to block access from browsers.
Get an API key
To create and manage API keys, go to Paddle > Developer Tools > Authentication. Follow the instructions under the "Generate Auth Code" section.
Treat your API key like a password. Keep it safe and never share it with apps or people you don't trust.
It's good practice to refresh your API keys periodically and revoke keys that you're no longer using.
Test authentication
The quickest way to test your authentication is to send a request to the /event-types
endpoint. This returns a list of the types of events that are included in the event stream. It returns data even if you haven't created any entities in Paddle yet.
11curl https://api.paddle.com/event-types -H "Authorization: Bearer bb4e69088ea07a98a90565ac610c63654423f8f1e2d48b39b5"
Response
If successful, you should get a response that includes a data
array and a meta
object.
12345678910111213141516171819201{
2 "data": [
3 {
4 "name": "transaction.billed",
5 "description": "Occurs when a transaction is billed. Its status field changes to billed and billed_at is populated.",
6 "group": "Transaction",
7 "available_versions": [
8 1
9 ]
10 },
11 {
12 "name": "transaction.canceled",
13 "description": "Occurs when a transaction is canceled. Its status field changes to canceled.",
14 "group": "Transaction",
15 "available_versions": [
16 1
17 ]
18 },
19 {
20 "name": "transaction.completed",
If unsuccessful, Paddle returns a 403
error with information about what went wrong and how to troubleshoot.