Authentication
Peak Gateway APIs use Bearer token authentication. The generated OpenAPI reference and SDK docs are the source of truth for which routes require OAuth, Firebase-backed portal auth, checkout session tokens, or internal service identity.
Bearer token format
Send the current access token in the Authorization header:
Authorization: Bearer <ACCESS_TOKEN>
Credential management
- Generate separate credentials per environment and service
- Rotate keys regularly
- Revoke compromised keys immediately
- Store keys in a secure secret manager
Test vs live modes
Peak Gateway supports separate test and live credentials:
- Test mode: safe integration testing and QA
- Live mode: real customer charges and settlements
Never mix test and live credentials in the same runtime environment.