Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.orafi.app/llms.txt

Use this file to discover all available pages before exploring further.

All requests to the Orafi API must include a valid API key in the x-api-key header. Your API key identifies your business and determines whether requests run in test or live mode.

API key format

EnvironmentPrefixExample
Testora_test_ora_test_a1b2c3d4e5f6...
Liveora_live_ora_live_x9y8z7w6v5u4...
Both test and live keys are 32+ characters and available in your Dashboard.

Making authenticated requests

Include your API key in the x-api-key header on every request: 
curl -X GET https://api.orafi.app/transactions \
  -H "x-api-key: ora_test_your_api_key"
Requests without a valid x-api-key header return a 401 Unauthorized error.

Test vs live mode

Your API key controls which mode you operate in. Both modes use the same base URL (https://api.orafi.app), so there’s no environment-specific endpoint to remember.
FeatureTest modeLive mode
Real fundsNo (testnet)Yes (mainnet)
WebhooksDelivered normallyDelivered normally
Onboarding requiredNoYes
API key prefixora_test_ora_live_
Always develop and test your integration using test-mode keys first. Switch to live keys only after your integration is verified.

Keeping keys secure

  • Never expose API keys in client-side code, mobile apps, or public repositories.
  • Store keys in environment variables or a secrets manager.
  • Rotate keys immediately if you suspect they have been compromised.
  • Use test keys for all development and CI/CD pipelines.