Skip to main content
Two auth models:
  • API key — for creating checkout sessions and all off-ramp endpoints
  • None — for session status, payment link info, and payment link session creation

API key

All keys use the ms_live_ prefix.
Never put your API key in frontend JS, mobile apps, or public repos. Backend only.

Example

Generate a key

  1. Open merchant.minisend.xyz/dashboard.
  2. Go to API KeysNew Key.
  3. Copy the full value immediately; it’s shown once. Minisend stores only a hash.
401 = invalid/missing key. 403 = key valid but merchant account inactive.

Key scopes

Keys carry scopes that gate which endpoint families they can call: Calling an off-ramp endpoint without the offramp scope returns 403.

Rate limits

60 requests / minute / IP. Response includes X-RateLimit-Remaining. Exceeding it returns 429. Contact support for higher limits.

Public endpoints

No Authorization header needed: Safe to call from a browser or mobile app.