Getting Started

Authentication

Every request to the Modulate Partner API must include your API key

The Modulate Partner API uses API key authentication. Include your key in every request using the X-Partner-API-Key header.

Example request
$curl https://getmodulate.dev/api/partner/merchants \
>  -H "X-Partner-API-Key: YOUR_API_KEY"

Getting your API key

API keys are provisioned by the Aurora Payments team. To request one:

  1. Log in to your Partner Portal account
  2. Contact your account manager or email help@getmodulate.dev
  3. You’ll receive your key via secure channel — store it somewhere safe

Keep your API key private. Do not embed it in client-side code or commit it to source control. Treat it like a password.

Using your key

Pass your API key as a request header on every call:

$X-Partner-API-Key: YOUR_API_KEY
$curl https://getmodulate.dev/api/partner/merchants \
>  -H "X-Partner-API-Key: YOUR_API_KEY"

Error responses

If authentication fails, you’ll receive one of these responses:

StatusCodeMeaning
401AUTHENTICATION_REQUIREDX-Partner-API-Key header is missing
401AUTHENTICATION_REQUIREDAPI key is invalid or has been revoked
403INSUFFICIENT_SCOPEKey exists but lacks permission for this endpoint
Example error response
1{
2  "error": {
3    "code": "AUTHENTICATION_REQUIRED",
4    "message": "Missing X-Partner-API-Key header",
5    "request_id": "req_abc123"
6  }
7}

Key scopes

API keys are scoped to control access. Currently available scope:

ScopeAccess
partner:readFull read access to merchants, pricing, transactions, statements, and residuals

Additional write scopes (e.g. merchant updates) are on the roadmap. Contact your account manager to discuss early access.

Rotating your key

If your key is compromised, contact help@getmodulate.dev immediately to revoke the old key and issue a new one.