Authentication

API keys, required headers, and dashboard authentication for master and connected merchants.


API Key Authentication

All LakiConnect API operations are authenticated using the master merchant's API key passed in the X-API-Key request header. The API key identifies the master merchant; no separate account scoping is required for master-level operations.

```bash
curl -X GET "https://api.lakipay.co/api/v2/lakiconnect/connected-accounts" \
  -H "X-API-Key: lk_pub_xxxxxxxxxxxxxxxxxxxx:lk_sec_xxxxxxxxxxxxxxxxxxxx"
```

Environment Configuration

In your codebase, the following values are typically configured per environment (sandbox/production):

  • baseUrl — base API URL for LakiConnect.
  • Master API key — the value used in X-API-Key.
  • Default connected merchant ID(s) — for test scenarios and seed data.

Do not hardcode these values; instead, use configuration files or environment variables so that deployments can target different environments without code changes.

```bash
# .env.example (never commit real keys)
LAKICONNECT_BASE_URL=https://api.lakipay.co
LAKICONNECT_API_KEY=lk_pub_xxxxxxxx:lk_sec_xxxxxxxx
LAKICONNECT_TEST_MERCHANT_ID=<connected_merchant_uuid>
```

Required Headers

| Header | Required | Description |
| --- | --- | --- |
| `X-API-Key` | Always | Master merchant API key. |
| `X-Connected-Merchant-ID` | Route-dependent | UUID of the connected merchant. Required for KYC upload, wallet queries, and per-connected fee config operations. |
| `Content-Type` | On POST/PUT | `application/json` (or `multipart/form-data` for file uploads). |
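
The environment settings and headers above, combined in an added example (not LakiPay's own code): it loads the values from the environment, rejects a non-HTTPS base URL or malformed key, and builds the request headers. The key pattern is an assumption inferred from the page's `lk_pub_...:lk_sec_...` placeholder, and `load_config`, `redact` and `build_headers` are hypothetical helper names.

```python
import os
import re
import uuid
from urllib.parse import urlsplit

# Assumed key shape, inferred from the page's "lk_pub_...:lk_sec_..." placeholder.
_KEY_RE = re.compile(r"^(lk_pub_[A-Za-z0-9]+):(lk_sec_[A-Za-z0-9]+)$")


class ConfigError(ValueError):
    """Raised when a LakiConnect setting is missing or unsafe."""


def load_config(env=os.environ):
    """Read LakiConnect settings from the environment and validate them."""
    base_url = env.get("LAKICONNECT_BASE_URL", "").rstrip("/")
    api_key = env.get("LAKICONNECT_API_KEY", "")
    parts = urlsplit(base_url)
    # The API key travels in a header on every call, so refuse plaintext HTTP.
    if parts.scheme != "https" or not parts.netloc:
        raise ConfigError("LAKICONNECT_BASE_URL must be an https:// URL")
    if not _KEY_RE.match(api_key):
        # Never echo the value in the error: it contains the secret half.
        raise ConfigError("LAKICONNECT_API_KEY is missing or malformed")
    return {"base_url": base_url, "api_key": api_key}


def redact(api_key):
    """Loggable form of the key: keep the public half, mask the secret half."""
    m = _KEY_RE.match(api_key)
    return f"{m.group(1)}:lk_sec_****" if m else "****"


def build_headers(cfg, connected_merchant_id=None, json_body=False):
    """Build request headers; pass a merchant UUID only on routes that need it."""
    headers = {"X-API-Key": cfg["api_key"]}
    if connected_merchant_id is not None:
        # uuid.UUID raises ValueError for anything that is not a UUID, which
        # also keeps CR/LF header injection out of this value.
        headers["X-Connected-Merchant-ID"] = str(uuid.UUID(connected_merchant_id))
    if json_body:
        headers["Content-Type"] = "application/json"
    return headers
```

Use `redact()` wherever the key might reach logs or error reports, so the secret half never leaves the process.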

Dashboard Authentication (Browser Flows)

Both master merchants and connected accounts can log in to the dashboard at https://dashboard.lakipay.co with their own credentials.

What does the master merchant's dashboard show?

  • Dashboard analytics
  • Connected accounts management
  • Transactions list
  • Wallet balance
  • Webhook logs
  • Manage fee structure

What does a connected account's dashboard show?

  • Dashboard analytics
  • Profile and KYC Status
  • Transactions list
  • Wallet balance
  • Webhook logs

Security Best Practices

  • Store API keys in environment variables or a secrets manager — never in source code or version control.
  • Rotate keys immediately if a compromise is suspected.
  • Use separate API keys for sandbox and production.
  • Restrict key permissions to only the RBAC resources your integration requires.