The Change API is authenticated using public and secret keys. Sign up for a Change account to get your keys.

You have four keys; two test keys and two production keys. Test keys contain _test, and production keys contain _live.

Key PrefixDescription
pk_test…Your public key for testing.
sk_test…Your secret key for testing.
pk_live…Your public key for production. Donations made with this key will be billed.
sk_live…Your secret key for production. Donations made with this key will be billed.

Authentication is perfomed with HTTP Basic Auth. Most HTTP clients have built-in Basic Auth. Here are some examples (If you’re logged in with your Change account, your test keys will be auto-filled):


const encodedCredential = btoa('YOUR_PUBLIC_KEY' + ':' + 'YOUR_SECRET_KEY');
fetch(endpoint, {
headers: {
'Authorization': 'Basic ' + encodedCredential,

http.get(endpoint, { auth: 'YOUR_PUBLIC_KEY:YOUR_SECRET_KEY' });



HTTParty.get(endpoint, basic_auth: {
username: 'YOUR_PUBLIC_KEY',
password: 'YOUR_SECRET_KEY'


requests.get(endpoint, auth=('YOUR_PUBLIC_KEY', 'YOUR_SECRET_KEY'))

Or, use a header

Alternatively, you can authenticate manually using the Authorization header. Set the following header on your requests:


Your encoded credential is calculated like this, which you can run in your terminal:

printf 'pk_...:sk_...' | base64
Made with ❤ in San Francisco | Changelog | Status