Getting Started

Authentication

All API requests require an API key sent in the x-api-key header.

$curl https://api.useroot.com/api/payouts \
>  -H "x-api-key: test_your_key_here" \
>  -H "Content-Type: application/json"

API keys

PrefixEnvironment
test_*Sandbox — no live money movement
live_*Production

Create and rotate keys from the Root dashboard.

Security

  • Never expose secret keys in frontend code, public repos, or client-side bundles.
  • Rotate keys periodically and revoke unused keys.
  • Use separate keys per environment and per integration.

Unauthorized requests return 401 with an authentication_error response. See Errors.