Just launched
We're actively working on new content and improvements to our documentation. We'd love to hear your thoughts, launch quick survey
Paddle Billing


Use Bearer authentication when making requests to the Paddle API. Get a key from Paddle > Developer Tools > Authentication.

All requests to the Paddle API require authentication unless explicitly stated. The API uses Bearer authentication.

To authenticate, pass your Paddle API key using the Bearer header. For example:

To avoid exposing your API key and other sensitive data, do not make requests to the Paddle API directly from your frontend. Build functionality into your backend to handle requests and serve just the information you need to your frontend.

Entities in the API have an Access-Control-Allow-Origin header to block access from browsers.

Get an API key

To create and manage API keys, go to Paddle > Developer Tools > Authentication. Follow the instructions under the "Generate Auth Code" section.

Treat your API key like a password. Keep it safe and never share it with apps or people you don't trust.

It's good practice to refresh your API keys periodically and revoke keys that you're no longer using.

Test authentication

The quickest way to test your authentication is to send a request to the /event-types endpoint. This returns a list of the types of events that are included in the event stream. It returns data even if you haven't created any entities in Paddle yet.


If successful, you should get a response that includes a data array and a meta object.

If unsuccessful, Paddle returns a 403 error with information about what went wrong and how to troubleshoot.

Related pages