Authorization format
All requests must include:
-H "Authorization: Bearer $MAZERIK_API_KEY"
Environment strategy
Use separate keys for each environment and avoid cross-environment reuse.
| Environment | Key scope | Typical use | | --- | --- | --- | | Sandbox | Non-production | Integration tests and schema checks | | Staging | Pre-production | Load and workflow validation | | Production | Production only | Live transaction processing |
Key rotation and safety
- Rotate keys on a fixed schedule.
- Keep keys in secret managers where possible.
- Never expose keys to browser bundles.
- Restrict CI/CD access to least privilege.
Failure behavior
A 401 response means missing, expired, or invalid credentials. Check header formatting first, then key status.