DGS-Pay API v2
Dashboard
Security

Authentication

Every DGS-Pay API request requires two headers: your API key and your account number. Both are available in your merchant portal under Settings → API Settings. Test and live environments each have their own separate set of credentials.

Required Headers

Include these on every request:

HTTP Headers
X-DGS-API-Key: YOUR_DGS_API_KEY
X-DGS-ACCOUNT-NUMBER: YOUR_DGS_ACCOUNT_NUMBER
Content-Type: application/json

cURL Example with Auth

cURL
curl -X GET \
  https://pay.digitalservicescenter.rw/generation/v2/balance \
  -H "X-DGS-API-Key: sk_live_xxxxxxxxxxxxxxxxxxxx" \
  -H "X-DGS-ACCOUNT-NUMBER: ACC-0001234" \
  -H "Content-Type: application/json"

IP Whitelisting (Production only)

In production you can restrict API access to a specific set of server IP addresses. Any request arriving from an IP not on your whitelist will be rejected with a 91 Auth Error. Configure your allowed IPs in Settings → API Settings in the merchant portal. This feature is not enforced in sandbox.

Security Rules — Never Skip These
  • Never embed your API key in client-side JavaScript or mobile app source code — keys must only exist on your server.
  • Store keys as environment variables (e.g. .env files) and keep them out of version control.
  • Enable IP whitelisting before switching to production.
  • Rotate your API keys periodically and immediately if you suspect exposure.

Need Help?

Our technical team is ready to assist with integration questions, testing, and go-live checks.

Contact Support