Welcome to Xendit’s latest documentation. For legacy content, access the previous documentation here or the previous API reference here.

Quick setup

Next

API format

The Xendit API is organized around REST. Our API has predictable, resource-oriented URLs, and uses HTTP response codes to indicate API errors. We use built-in HTTP features and HTTP verbs, which are understood by off-the-shelf HTTP clients. JSON is returned by all API responses, including errors.

Authentication

Getting Started with Xendit APIs

To begin exploring our APIs, please ensure you have registered an account on our dashboard here. You can obtain and manage your API keys (for both test and live environments) in the API Keys Settings section.

Authentication

To authenticate your API requests, include your secret API key in the request. Follow these steps:

  1. Generate a secret API key

  2. Retrieve your secret API key from the Dashboard.

  3. Choose Basic Access Authentication (BASIC AUTH).

  4. Use the BASIC AUTH format: {username}:{password}

  5. Enter your Secret API key as the username and leave the password field empty. Ensure you include a colon (`:`) at the end.

  6. Encode the resulting value using Base64.

  7. Include the Base64-encoded value in the Authorization header of your requests.

Important Considerations

  • Security: Keep your API keys confidential and avoid sharing them.  

  • HTTPS Only: All API requests must be made over HTTPS; HTTP requests will fail.

  • Test Environment: Requests made in the test environment will not interact with banking networks and incur no charges.