Skip to main content

Authentication

All H2H requests must be authenticated using your API credentials. Modem Pay uses Bearer token authentication to ensure that only authorized partners can access H2H endpoints. API keys are generated in the Modem Pay dashboard and can be used in either live or test modes.

How It Works

Modem Pay provides two types of API keys:

  • Public Key: Used on the client side for initial requests (e.g., HTML form submissions).

  • Secret Key: Used on the server side for secure API calls and operations that need high trust (use this!).

  • Every request must include your API key in the Authorization header as a Bearer token.

  • Requests without a valid key, or from a business not authorized for H2H, will be rejected with a 403 Forbidden response.

  • Example header:

Authorization: Bearer YOUR_API_KEY_HERE
Content-Type: application/json
  • Base URL for all H2H requests:
https://api.modempay.com/h2h/v1

Obtaining Your API Key and Secret

  1. Sign up for a Modem Pay business account if you don’t have one already.
  2. Request H2H access by contacting your Modem Pay partner manager or submitting a request to info@modempay.com.
  3. Once your request is approved, your API key and secret key will be generated and linked to your business ID and account ID for validation.
  4. You can now use your secret key to authenticate H2H requests. Keep your API key and secret key secure, do not share them publicly or store them in client-side code. If your keys are ever compromised, they can be revoked instantly.

Tip: Your API and secret keys grant access only to the endpoints your business is authorized for. Even if someone knows the H2H endpoints, they cannot make requests without valid keys tied to an authorized business.