Authentication

API keys
Creating API keys
Security
Related

The Natural API uses Bearer authentication per RFC 6750. Include your API key in the Authorization header of every request:

curl https://api.natural.co/payments \
  -H "Authorization: Bearer sk_ntl_prod_abc123..."

API keys

API keys follow the format sk_ntl_{environment}_{secret}:

Prefix	Environment	Base URL
`sk_ntl_prod_`	Production	`https://api.natural.co`
`sk_ntl_dev_`	Development	`https://sandbox.api.natural.co`

Development keys operate in a sandbox environment where no real money moves.

Creating API keys

Create API keys from the Natural Dashboard after completing verification. The key secret is shown once — store it immediately. Each key can be scoped to a subset of permissions:

{
  "data": {
    "attributes": {
      "name": "Carrier Payment Agent",
      "scopes": ["agents.read", "payments.create", "payments.read"]
    }
  }
}

Security

Store API keys in a dedicated secret management system. Never commit them to source control.
Rotate keys periodically. You can have multiple active keys to enable zero-downtime rotation.
Revoke compromised keys immediately via the dashboard or PUT /api-keys/{key_id}/revoke.
All requests require HTTPS.

API Keys endpoints — Create, list, and revoke keys
Error Handling — Authentication error codes

About the Natural API IDs

⌘I

Overview

Agents

Customers

Counterparties

Payments

Delegations

Parties

Wallet

API keys

Errors

API keys

Creating API keys

Security

Overview

Agents

Customers

Counterparties

Payments

Delegations

Parties

Wallet

API keys

Errors

​API keys

​Creating API keys

​Security

​Related

API keys

Creating API keys

Security

Related