API Status Support Dashboard

Authentication

Learn how to authenticate with the AuxVault API.


Overview

AuxVault uses API Key authentication for all server-to-server integrations (ERP, payment processing, automation). Every request requires two headers:

x-api-key: YOUR_API_KEY
X-Tenant-ID: YOUR_TENANT_ID

Important: Both headers are required on every request — missing either one returns a 401 Unauthorized response.


API Key Types

AuxVault issues three distinct key types. Use the right key for the right purpose:

Key Type Prefix Use For Scope How to Get
ERP Integration lv_erp_ Full admin API — create merchants, pull reports, manage customers, batch operations, all ERP workflows Tenant-wide (all merchants) Dashboard → Settings → API Keys → ERP Integration Key
Processing lv_pk_ Payment operations for a specific merchant+gateway — used by the SDK and PCI server to submit transactions Per-merchant, per-gateway Auto-provisioned when a merchant's VAR sheet is saved; visible in Merchant → API Key tab
Standard api- Legacy / reporting access scoped to one merchant Per-merchant Dashboard → Settings → API Keys → Standard Key

Luqra ERP Integration: Use an lv_erp_ key for all ERP operations. Pass X-Merchant-ID: MERCHANT_ID on calls that target a specific merchant — no separate per-merchant keys required.

Payment Processing (SDK / PCI server): Use the lv_pk_ processing key for a merchant. This key is scoped to one merchant+gateway and is used by the AuxVault SDK and PCI tokenization server. It is auto-created when the merchant's VAR sheet is saved.


Your Credentials

Credential Where to Get It
API Key (lv_erp_) Dashboard → Settings → API Keys → Create New → select ERP Integration Key
Tenant ID Dashboard → Settings → Profile → Tenant ID field (copy button provided)

API Key format: lqv_live_sk_... (production) or lqv_test_sk_... (development)
Tenant ID format: a slug like acme-payments or a UUID like 550e8400-e29b-41d4-a716-446655440000


Step 1: Test Your Connection

Before writing integration code, verify your credentials:

curl -X POST https://dev.auxcore.net/api/v1/public/testConnection \
  -H "x-api-key: YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

Success response (200 OK):

{
  "success": true,
  "message": "Connection successful",
  "data": {
    "platform": "AuxVault",
    "version": "2.0.0",
    "tenantId": "acme-payments",
    "merchantId": "merchant-456",
    "timestamp": "2026-02-23T14:00:00.000Z"
  }
}

If you receive a 401, double-check both headers are present and correct.


Step 2: Process a Payment

With credentials confirmed, process a transaction:

curl -X POST https://dev.auxcore.net/api/v1/public/transaction \
  -H "x-api-key: YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "Amount": 125.00,
    "SuggestedMode": "Card",
    "CardNumber": "4111111111111111",
    "ExpiryMonth": "12",
    "ExpiryYear": "2027",
    "CVV": "123",
    "BillingCustomerName": "John Doe",
    "BillingEmail": "john@example.com",
    "BillingAddress": "123 Main St",
    "BillingCity": "New York",
    "BillingState": "NY",
    "BillingPostalCode": "10001"
  }'

Creating an API Key (Dashboard)

  1. Log in to the AuxVault dashboard
  2. Navigate to Settings → API Keys
  3. Click Create New Key
  4. Enter a name (e.g., ERP Integration - Production)
  5. Set permissions and optional expiry
  6. Copy the key — it is only shown once

Warning: Store the API key securely. It cannot be retrieved after creation. If lost, revoke and create a new one.


Creating an API Key (Programmatically)

# You need a valid JWT token first — see "JWT Token (Dashboard)" below
curl -X POST https://dev.auxcore.net/api/v1/api-keys \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "merchantId": "YOUR_MERCHANT_ID",
    "name": "ERP Integration Key",
    "permissions": ["transactions.read", "transactions.write", "refunds.write", "customers.read", "customers.write"],
    "expiresInDays": 365
  }'

Response:

{
  "success": true,
  "data": {
    "id": "key_abc123",
    "name": "ERP Integration Key",
    "key": "lqv_live_sk_1234567890abcdef...",
    "permissions": ["transactions.read", "transactions.write", "refunds.write"],
    "createdAt": "2026-02-23T00:00:00Z"
  }
}

Warning: The API key is only shown in this response. Save it immediately.


JWT Token (Dashboard Operations)

For operations that require user-level authentication (managing API keys, users, settings), obtain a short-lived JWT:

curl -X POST https://dev.auxcore.net/api/v1/public/accesstoken \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "admin@yourcompany.com",
    "password": "your-secure-password"
  }'

Response:

{
  "success": true,
  "data": {
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
    "user": {
      "id": "user-123",
      "email": "admin@yourcompany.com",
      "role": "merchant",
      "merchantId": "merchant-456"
    }
  }
}

Use the JWT in the Authorization: Bearer header:

curl https://dev.auxcore.net/api/v1/merchants/merchant-456 \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

JWTs expire after 24 hours. To get a new one without re-entering credentials:

curl -X POST https://dev.auxcore.net/api/v1/public/refreshToken \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{ "refreshToken": "YOUR_REFRESH_TOKEN" }'

Authentication Summary

Use Case Header Value
ERP / server integration x-api-key Your API key
All requests X-Tenant-ID Your tenant ID
Dashboard / admin calls Authorization Bearer YOUR_JWT

Permission Scopes

When creating API keys, grant only the permissions your integration needs:

Permission Description
transactions.read View transaction history and details
transactions.write Process sales and authorizations
transactions.void Void transactions
refunds.write Issue full and partial refunds
refunds.read View refund status
customers.read View customer vault entries
customers.write Create and update customers
customers.delete Delete customers from vault
recurring.read View recurring plans
recurring.write Create and manage recurring plans
invoices.read View invoices and payment links
invoices.write Create and send invoices
reports.read Access transaction and settlement reports
api_keys.manage Create and revoke API keys

Error Responses

Missing API Key

{
  "success": false,
  "error": "API key required",
  "message": "Please provide a valid API key in the x-api-key header or request body"
}

Invalid API Key

{
  "success": false,
  "error": "Invalid API key",
  "message": "The provided API key is invalid or has been deactivated"
}

Missing Tenant ID

{
  "success": false,
  "error": {
    "code": "TENANT_REQUIRED",
    "message": "X-Tenant-ID header is required"
  }
}

Expired JWT

{
  "success": false,
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or expired token"
  }
}

Security Best Practices

✅ DO:

❌ DO NOT:


Next Steps


Need help? Contact support@auxvault.com