Skip to main content

Overview

The CashQ Payin API uses Basic Authentication with your API Key and PIN from Approvely Gateway.

Getting Your Credentials

1

Access Control Panel

Log in to the Approvely Gateway Control Panel:Sandbox: https://sandbox.approvelygateway.com/Production: Contact support for production access
2

Navigate to Sources

Go to Control Panel → Sources
3

Get API Credentials

You’ll find three important credentials:
  • API Key - Used for API authentication
  • Tokenization Token - Used for frontend card tokenization
  • PIN - Used with API Key for authentication
Keep these credentials secure. You’ll need the API Key and PIN to authenticate API requests.

Authentication Method

The Payin API uses HTTP Basic Authentication. You need to:
  1. Concatenate your API Key and PIN with a colon: [API_KEY]:[PIN]
  2. Encode the string to Base64
  3. Add it to the Authorization header as Basic [base64_string]

Example

API Key: iebfzJJUCN6HMmLVhXbMo6faby9HITH2
PIN: 552dd6e5a202469a7f535d3a1e09a

Concatenated: iebfzJJUCN6HMmLVhXbMo6faby9HITH2:552dd6e5a202469a7f535d3a1e09a

Base64 Encoded: aWViZnpKSlVDTjZITW1MVmhYYk1vNmZhYnk5SElUSDI6NTUyZGQ2ZTVhMjAyNDY5M2E3ZjUzNWQzYTFlzOWE=

Authorization Header: Basic aWViZnpKSlVDTjZITW1MVmhYYk1vNmZhYnk5SElUSDI6NTUyZGQ2ZTVhMjAyNDY5M2E3ZjUzNWQzYTFlzOWE=

Implementation Examples

curl -X POST 'https://api.sandbox.approvelygateway.com/api/v2/transactions/charge' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Basic aWViZnpKSlVDTjZITW1MVmhYYk1vNmZhYnk5SElUSDI6NTUyZGQ2ZTVhMjAyNDY5M2E3ZjUzNWQzYTFlzOWE=' \
  -d '{
    "amount": 5,
    "source": "nonce-token-here"
  }'

Environment URLs

Use the appropriate base URL for your environment:
EnvironmentBase URL
Sandboxhttps://api.sandbox.approvelygateway.com
Productionhttps://banking.cashqbot.com
Production CredentialsFor production access, contact [email protected]. Production credentials are separate from sandbox credentials.

Sandbox Login

For testing in the sandbox environment:

Security Best Practices

Store Securely

Never hardcode credentials in your source code. Use environment variables or secure vaults.

Use HTTPS Only

All API requests must use HTTPS. Never send credentials over HTTP.

Separate Environments

Use different credentials for sandbox and production. Never use production credentials in testing.

Rotate Regularly

Periodically rotate your API credentials for enhanced security.

Testing Authentication

Test your authentication setup with a simple request: 
curl -i -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Basic YOUR_BASE64_CREDENTIALS" \
  -d '{"amount": 1, "source": "test-nonce"}' \
  'https://api.sandbox.approvelygateway.com/api/v2/transactions/charge'
If authentication fails, you’ll receive a 401 Unauthorized response.

Common Authentication Errors

Cause: Invalid or missing credentialsSolution:
  • Verify your API Key and PIN are correct
  • Ensure credentials are properly Base64 encoded
  • Check that you’re using the correct environment credentials
Cause: Valid credentials but insufficient permissionsSolution:
  • Contact support to verify your account permissions
  • Ensure your account is active and in good standing
Cause: Credentials not properly encodedSolution:
  • Verify the format: [API_KEY]:[PIN]
  • Use a proper Base64 encoding function
  • Don’t include extra spaces or line breaks

Next Steps

Tokenization

Learn how to tokenize card data securely

Charge Endpoint

Process payments using the charge API