Skip to main content


Qard API uses two methods to authenticate API requests:

  • API Key
  • OAuth2.0 implicit

Api Key

To use the API with the Api Key authentication method you have to include the header X-API-KEY in every request.

curl -X GET "" -H "accept: application/json" -H "X-API-KEY: xxxxxxxxxxxxxxxxxxxxxxxx"

All API calls must be done from your server directly to our server, and not from a user's browser, otherwise your Api Key will easily be compromised.

OAuth2.0 implicit

OAuth2.0 implicit is the preferred way if you want to build an application which make api calls directly from a browser.

Please contact the support at if you want to enable this authentication method.