Authentication
Partner external integrations
Use the X-API-Key header for partner external endpoints such as /api/partner/*.
X-API-Key: pk_live_your_api_key
Example
curl -X GET "https://service-gateway.loscenotes.com/api/partner/cenotes" \
  -H "X-API-Key: pk_live_your_api_key" \
  -H "Content-Type: application/json"
Other auth models in the platform
- Partner portal and management endpoints use JWT.
- Some shared public endpoints do not require API key auth.
- Some operational endpoints, such as on-site checkout confirmation, require role-based authenticated access.
Error shape
Current API errors are returned in the enhanced global format:
{
  "success": false,
  "message": "validation.invalid_data",
  "error": "Bad Request",
  "statusCode": 400,
  "timestamp": "2026-03-10T18:00:00.000Z",
  "path": "/api/partner/cenotes",
  "requestId": "req_123"
}
Validation errors may also include an errors object; rate-limit responses may include retryAfter.
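The following client sketch is an added example, not code from the platform: it sends the X-API-Key header described under "Partner external integrations" and maps the error envelope from "Error shape" to a typed object, including the optional errors and retryAfter fields. The names ApiError, parse_error, redact and get are hypothetical, and the unit of retryAfter is not stated on this page, so the value is passed through unchanged.

```python
import json
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Optional

BASE_URL = "https://service-gateway.loscenotes.com"  # host from the curl example


@dataclass
class ApiError:
    status: int
    message: str
    request_id: Optional[str] = None
    errors: dict = field(default_factory=dict)  # present on validation errors
    retry_after: Optional[float] = None         # present on rate-limit responses


def parse_error(http_status: int, body: bytes) -> ApiError:
    """Map the documented error envelope to ApiError; tolerate non-JSON bodies."""
    try:
        doc = json.loads(body)
    except ValueError:  # covers invalid JSON and undecodable bytes
        doc = None
    if not isinstance(doc, dict):
        return ApiError(http_status, "non-JSON error body")
    retry, errors = doc.get("retryAfter"), doc.get("errors")
    return ApiError(
        status=doc.get("statusCode", http_status),
        message=str(doc.get("message", "")),
        request_id=doc.get("requestId"),
        errors=errors if isinstance(errors, dict) else {},
        retry_after=float(retry) if isinstance(retry, (int, float)) else None,
    )


def redact(key: str) -> str:
    """Log-safe form of a key: keep the pk_live_ style prefix, drop the secret."""
    return key[:8] + "..." if len(key) > 8 else "***"


def get(path: str, api_key: str):
    """GET a partner endpoint; return parsed JSON on success, ApiError otherwise."""
    req = urllib.request.Request(BASE_URL + path, headers={"X-API-Key": api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as exc:
        return parse_error(exc.code, exc.read())
```

When logging a failure, record request_id together with redact(api_key) rather than the full key.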