Sentry
Get Started
OverviewAuthenticationAPI KeysCustomersInvoicesSalesOpenClawPortal

Authentication

All API requests require authentication using scoped API keys. Each key is associated with a specific merchant account and has granular permissions for secure access control.

API Key Format

Sentry Payments API keys follow the format: sntr_ followed by random base64url characters.

sntr_abcdefghijklmnopqrstuvwxyz123456

Bearer Token Authentication

Include your API key in the Authorization header using the Bearer scheme:

Authorization: Bearer sntr_abcdefghijklmnopqrstuvwxyz123456

Example cURL Request

curl -X GET \
  -H "Authorization: Bearer sntr_abcdefghijklmnopqrstuvwxyz123456" \
  https://sandbox.sentrypos.app/public/api/v1/customers

Scoped Permissions

Each API key has specific scopes that determine what actions it can perform. Scopes are assigned when creating the key and cannot be escalated.

Customer Scopes

  • customer:read - View customers
  • customer:write - Create/update customers

Invoice Scopes

  • invoice:read - View invoices
  • invoice:write - Create/update invoices
  • invoice:remind - Send invoice reminders

Sales Scopes

  • sales:read - View sales history

All Scopes

A key with all scopes has full access to customer, invoice, and sales operations for the merchant account.

customer:read,customer:write,invoice:read,invoice:write,invoice:remind,sales:read

Error Responses

Authentication errors return standard HTTP status codes with descriptive error messages:

Status CodeError CodeDescription
401UNAUTHORIZEDMissing or invalid API key
403FORBIDDENAPI key not allowed from this IP address
403INSUFFICIENT_SCOPEAPI key missing required scopes for this endpoint

Rate Limiting

API keys are rate limited to 60 requests per minute per key. If you exceed this limit, you'll receive a 429 Too Many Requests response.

HTTP/1.1 429 Too Many Requests
Content-Type: application/json

{
  "error": "RATE_LIMIT_EXCEEDED",
  "message": "Rate limit exceeded. Please try again in 60 seconds."
}

Next Steps

Now that you understand authentication, learn how to create and manage API keys in the merchant portal.

API Key Management →