Skip to main content

Authentication

Peak Gateway APIs use Bearer token authentication. The generated OpenAPI reference and SDK docs are the source of truth for which routes require OAuth, Firebase-backed portal auth, checkout session tokens, or internal service identity.

Bearer token format

Send the current access token in the Authorization header:

Authorization: Bearer <ACCESS_TOKEN>

Credential management

  • Generate separate credentials per environment and service
  • Rotate keys regularly
  • Revoke compromised keys immediately
  • Store keys in a secure secret manager

Test vs live modes

Peak Gateway supports separate test and live credentials:

  • Test mode: safe integration testing and QA
  • Live mode: real customer charges and settlements

Never mix test and live credentials in the same runtime environment.