Authentication - Dancity

Merchant API key

Every VAS (/api/v1) request must include:

Authorization: Bearer dcy_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
channel: API

Your API key can spend wallet balance and purchase services on behalf of the linked account. Never expose it in client-side code, public repositories, or logs. Store it only in server-side environment variables.

Example (merchant)

curl -sS -X POST "https://api.dancity.app/api/v1/cable/validate" \
  -H "Authorization: Bearer dcy_live_xxxx..." \
  -H "Content-Type: application/json" \
  -H "channel: API" \
  -d '{"smartcardNumber":"1234567890","cablename":"DSTV"}'

IP allowlist (merchant keys)

Restrict your API key to specific IPs or CIDR ranges from your API key page. Adding or changing entries requires OTP verification.

An empty IP allowlist blocks all traffic. Add at least one IP or CIDR before calling the VAS (merchant) API.

Format	Example
IPv4	`203.0.113.5`
IPv6	`2001:db8::1`
IPv4 CIDR	`192.168.1.0/24`
IPv6 CIDR	`2001:db8::/32`

Up to 20 entries.

Quickstart Error Reference

​Merchant API key

​Example (merchant)

​IP allowlist (merchant keys)

Merchant API key

Example (merchant)

IP allowlist (merchant keys)