Skip to main content
Every Pagou API call requires authentication.

Supported methods

  1. Authorization: Bearer <token>: recommended for new integrations.
  2. apiKey: <token> header: supported for compatibility and some existing merchant stacks.
  3. Basic Auth with username token and password x: legacy-compatible option when a client stack is constrained.
Use Bearer token unless you have a concrete compatibility constraint. 
GET /v2/transactions HTTP/1.1
Host: api.pagou.ai
Authorization: Bearer YOUR_TOKEN

Compatibility examples

GET /v2/transactions HTTP/1.1
Host: api.pagou.ai
apiKey: YOUR_TOKEN

GET /v2/transactions HTTP/1.1
Host: api.pagou.ai
Authorization: Basic dG9rZW46eA==

Operational guidance

  • Pick one method and apply it consistently across all services.
  • Do not mix auth styles by route.
  • Rotate credentials through your secrets platform, not by code change.
  • Log only request correlation identifiers, never tokens.

Test call

curl --request GET \
  --url https://api-sandbox.pagou.ai/v2/transactions \
  --header "Authorization: Bearer YOUR_SANDBOX_TOKEN"
If this works, continue to Idempotency.