Ringup authenticates every API request with a secret API key. You pass it in the
Authorization header on each call:
Authorization: Bearer <YOUR_RINGUP_KEY>
Get your key
Create an API key in your Ringup dashboard, under Developers, then API keys. Keys come in two
kinds, and the same code works with either, so you promote by swapping the key:
- Test keys (
rk_test_...) run against the sandbox: fake money, real flows, ready-made
merchants and callers. See Testing.
- Live keys (
rk_live_...) run against your real merchants and settle on their own processor.
Pass it on every request
Every Ringup call, create_checkout, identify, charge, and the rest, takes the key as a
Bearer token:
curl -X POST https://api.ringup.dev/v1/checkouts \
-H "Authorization: Bearer <YOUR_RINGUP_KEY>" \
-H "Content-Type: application/json" \
-d '{ "amount_cents": 2500 }'
In an agent integration you set the key once and it rides every call:
- Vapi (native handoff): the CLI writes your key into the payment tools it provisions. You
paste it once at setup.
- Call transfer (every other platform): the key lives in the
Authorization header of the
create_checkout tool or HTTP call your agent makes, next to the other tool config.
Either way the key sits on your server or in the platform’s tool configuration, never in a value
the model generates.
Your secret key can create charges. Keep it server-side. Never put it in client-side code, a
prompt, a transcript, or a public repository, and never let the model see or type it. If a key
leaks, roll it from the dashboard.
Trying it without a key
The public demo sandbox exposes a seeded caller and demo merchants that need no key, so you can run
the Quickstart and hear a wired demo before you sign up. The moment you point at
your own merchants and callers, you use your key.