Skip to main content

Overview

All requests to the Yala API must include an API key in the x-api-key header. Keys are environment-specific, scoped to your tenant, and grant access to the resources configured for your organization.
Treat your API keys like passwords. Rotate them periodically and delete keys that are no longer in use.

Obtain keys

  1. Request sandbox access from your Yala relationship manager or developers@useyala.com.
  2. Generate API keys in the Yala dashboard. Each key is associated with a specific environment (sandbox or production).
  3. Share keys securely with integration partners using a password manager or secret sharing tool.
Newly generated API keys can take up to 20-30 minutes to fully propagate. During this window, requests may return 403 Forbidden. Wait a few minutes and retry.

Optional request headers for debugging

You may send an optional x-request-id (or x-correlation-id) header on any request. If you do, we will use the same value in our logs and responses. Sending it helps speed up support and debugging when you contact us.

Send authenticated requests

curl https://gateway.staging.useyala.com/v1/payout-api/payouts/methods?sourceCurrency=NGN\&destinationCurrency=USD\&destinationCountryCode=USA \
  -H "Content-Type: application/json" \
  -H "x-api-key: <SANDBOX_API_KEY>" \
  -H "x-request-id: <YOUR_REQUEST_ID>" \
  -d '{ ... }'

Rotate keys

  • Maintain at least two active keys per environment so you can swap without downtime.
  • Update your application to use the new key, then revoke the old key in the dashboard.
  • Audit key usage regularly to ensure dormant keys are disabled.

Handling leaked keys

If you suspect a key has been exposed:
  1. Revoke the compromised key immediately from the dashboard.
  2. Generate a new key and update your applications.
  3. Contact support with recent request IDs to investigate potential misuse.
Monitor the status page for real-time updates on platform availability.