LakiConnect
Authentication
API Key Authentication
All LakiConnect API operations are authenticated using the master merchant's API key passed in the X-API-Key request header. The API key identifies the master merchant; no separate account scoping is required for master-level operations.
Endpointbash
curl -X GET "https://api.lakipay.co/api/v2/lakiconnect/connected-accounts" \
-H "X-API-Key: lk_pub_xxxxxxxxxxxxxxxxxxxx:lk_sec_xxxxxxxxxxxxxxxxxxxx"Required Headers
| Header | Required | Description |
|---|---|---|
| `X-API-Key` | Always | Master merchant API key. |
| `X-Connected-Merchant-ID` | Route-dependent | UUID of the connected merchant. Required for KYC upload, wallet queries, and per-connected fee config operations. |
| `Content-Type` | On POST/PUT | `application/json` (or `multipart/form-data` for file uploads). |
Header casing note: Payment routes use X-Connected-Merchant-Id (lowercase d). Configuration and onboarding routes use X-Connected-Merchant-ID (uppercase D). Use the exact casing documented for each endpoint.
Dashboard Authentication (Browser Flows)
Both master merchant and connected accounts can access logining to the dashboard https://dashboard.lakipay.co with their own credentials.
What does the master merchant Dashboard view ?
- Dashboard analytics
- Connected accounts management
- Transactions list
- wallet Balance
- Webhook logs
- Manage fee structure
What does the connected accounts Dashboard view ?
- Dashboard analytics
- Profile and KYC Status
- Transactions list
- wallet Balance
- Webhook logs
Security Best Practices
- Store API keys in environment variables or a secrets manager — never in source code or version control.
- Rotate keys immediately if a compromise is suspected.
- Use separate API keys for sandbox and production.
- Restrict key permissions to only the RBAC resources your integration requires.