Authentication
Key Types
Payre uses two types of API keys:
| Key | Prefix | Owner | Example |
|---|---|---|---|
| Developer secret key | pyr_sk_live_ | MCP server developer | pyr_sk_live_a1b2c3d4e5f6... |
| Consumer API key | pyr_ck_live_ | Tool consumer | pyr_ck_live_x9y8z7w6v5u4... |
How to Authenticate
Include your key in the Authorization header:
bash
# Developer endpoint
curl https://api.payre.dev/v1/earnings \
-H "Authorization: Bearer pyr_sk_live_xxx"
# Consumer endpoint
curl https://api.payre.dev/v1/balance \
-H "Authorization: Bearer pyr_ck_live_xxx"The API determines your role (developer or consumer) from the key prefix.
Consumer Key in MCP Calls
When a consumer calls your MCP server, they pass their key as X-Payre-Key:
bash
curl -X POST https://your-server.com/mcp \
-H "X-Payre-Key: pyr_ck_live_xxx" \
-d '{"method": "tools/call", "params": {"name": "search", "arguments": {}}}'Your server extracts this key and passes it to payre.charge(). The SDK then sends it to the Payre API via Authorization: Bearer.
Getting Your Keys
- Developers: Sign up at console.payre.dev via GitHub -> Developer Settings -> Secret Key
- Consumers: Sign up at console.payre.dev -> API Key page
Security
- Never expose your developer secret key to clients
- Store keys in environment variables, not source code
- Consumer keys are safe to include in client-side MCP configs (they can only spend the consumer's own balance)