Bunne

API Documentation

Authentication

Authenticate every API call with scoped Bearer keys.

Bunne uses secret API keys for server-to-server REST calls. Keys are environment scoped and carry explicit permissions.

Keep secret keys on the server

Never expose sk_live_ or sk_test_ in browser code. Browser tokenization will use a future public key family.
Authenticated request
curl https://bunne.com.br/api/v1/charges/ch_xxx \  -H "Authorization: Bearer sk_test_xxx"

Key families

FieldTypeDescription
sk_test_secretSandbox API key. Creates TEST data only.
sk_live_secretProduction API key. Creates LIVE data only.

Common permissions

FieldTypeDescription
charges:createwriteCreate charges and capture authorized charges.
charges:readreadRetrieve charges in the API key scope.
payment_methods:tokenizewriteExchange raw card data for a reusable token.

Authentication errors

Invalid key
{  "error": {    "type": "authentication_error",    "code": "invalid_api_key",    "message": "Missing or invalid API key.",    "request_id": "req_xxx"  }}