Getting started
Authentication
The rely7 API authenticates with an API key, not a login or JWT. Each key resolves a request to exactly one business and one environment. Send it as a Bearer token on every request:
Authorization: Bearer rly_live_a1b2c3d4e5f6...Key format
Liverly_live_<random>
Testrly_test_<random>
The secret is shown once
When you create or rotate a key, the full secret is returned exactly once in your dashboard. Store it securely — it is hashed at rest and never shown again. After that you only ever see the display prefix (e.g.
rly_live_a1b2).Environments
There are two environments, selected purely by which key you use — there is no environment toggle or header. A rly_test_ key always operates in the sandbox; a rly_live_ key always operates in live. You can never cross environments in a single request.
Environments
TEST (sandbox)LIVE
Idempotency
Order-creating and cancel requests require an Idempotency-Key header (a unique value you generate per request). Retrying with the same key and body replays the stored response; reusing a key with a different body returns 409 Conflict. This makes retries safe.
Fail-closed
If the owning business is suspended, its API access is not approved for the key's environment, or the key is revoked, the request is rejected (401/403) and nothing is created.