Authentication
All Blackgoat API requests are authenticated using a personal API key. Your keys carry many privileges, so be sure to keep them secret!
Key Security Policy
Do not share your API keys in publicly accessible areas such as GitHub, client-side code, or support tickets. Use environment variables in your server-side environment.
The X-API-Key Header
Authentication is performed via the X-API-Key custom HTTP header. Bearer tokens are currently not supported for B2B integrations.
curl -X GET "https://pioe.app/api/v1/verify/tin" \ -H "X-API-Key: tp_test_4f92ac..." \ -H "Content-Type: application/json"
Obtaining a Key
Create a Developer Account
Sign up for our B2B portal and verify your business identity.
Generate Your First Key
Navigate to the "API Keys" section in your dashboard and click "Generate New Key".
Wallet Top-up
Ensure your wallet has a positive balance. Requests with insufficient funds will be rejected with a 402 error.
Manage your keys now
Access your developer dashboard to create, rotate, or revoke API keys in seconds.
Go to API KeysSecure Transport
All requests are forced over HTTPS with TLS 1.3 encryption.
Scoped Access
Keys are limited to specific environments and authorized businesses.
Identity Proof
Required for CAC and TIN verification to prevent fraudulent use.