Making Your First API Call

Once you have an API key, the fastest way to verify everything is wired up correctly is to hit the /ping endpoint. It echoes back your account ID, the current environment, and a server timestamp.

GET/v1/ping

Request

curl https://sandbox.api.vaultspay.ae/v1/ping \
  -H "Authorization: Bearer sk_test_yourApiKeyHere"

const response = await fetch('https://sandbox.api.vaultspay.ae/v1/ping', {
  headers: { Authorization: `Bearer ${process.env.VAULTSPAY_TEST_KEY}` }
})
const data = await response.json()
console.log(data)

import requests
r = requests.get(
    'https://sandbox.api.vaultspay.ae/v1/ping',
    headers={'Authorization': f"Bearer {os.environ['VAULTSPAY_TEST_KEY']}"}
)
print(r.json())

<?php
$ch = curl_init('https://sandbox.api.vaultspay.ae/v1/ping');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
  'Authorization: Bearer ' . getenv('VAULTSPAY_TEST_KEY'),
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$res = curl_exec($ch);
curl_close($ch);
echo $res;

Response

200 OK

{
  "pong": true,
  "account_id": "acct_01HX71YM6FJ3A8W7T5K6NRB2DN",
  "environment": "sandbox",
  "server_time": "2026-04-24T14:52:03.182Z",
  "api_version": "2026-04-01"
}

What to check

HTTP 200 — you’re authenticated correctly.
environment matches your key prefix — sk_test_ should return sandbox, sk_live_ should return production.
server_time is fresh — verifies clock skew. Requests more than 5 minutes out-of-sync will be rejected.

Troubleshooting

Status	Error code	What it means
401	`invalid_api_key`	Key is malformed, revoked, or missing the prefix.
401	`unauthorized_ip`	Request IP is not in your allow-list.
403	`account_suspended`	Reach out to developers@vaultspay.ae.
500	`server_error`	Transient — retry with exponential backoff.

See the full list in Errors.

Quick Start Request & Response Format