In order to interact with any of the API endpoints, you must provide your API secret key as part of the request. You can find your secret key in the Yoco Business Portal after signing up.

The secret key should be included in the header of the API request. You can provide the secret key by using bearer authentication and the Authorization header. To do this, prepend Bearer to the secret key and insert it into the Authorization header.

Authorization: Bearer <secret-key>

See here for more information about the integration keys.


Only Checkouts that have been created using live keys can be refunded.


Your API keys are used to identify you and enable payments, so be sure to keep them safe. Never share your secret key or publish it in code, such as on GitHub. All API requests must be made over HTTPS.