vermilion
getting started

Authentication

The API authenticates with secret keys sent as a bearer token. Keys are scoped to one environment: sk_sandbox_… keys work only against sandbox data, sk_live_… only against live.

Authorization: Bearer sk_sandbox_hoAZ… Idempotency-Key: order-8412

Idempotency

Every mutating request (POST, PATCH, DELETE) requires an Idempotency-Key header — any unique string up to 255 characters, typically your order id. Within 24 hours, a replay with the same key returns the original response with the header Idempotency-Replayed: true. A concurrent duplicate returns 409 idempotency_conflict.

Key management