Skip to main content

API Key Authentication

All API requests require authentication using a Partner API Key. Credzu uses a simple, secure key-based authentication that’s consistent with systems like Shape, TotalExpert, and Velocify.

Header Format

Include your API key in the Authorization header: 
Authorization: Credzu-Key {YOUR_API_KEY}

Example Request

curl -X POST https://credzu.com/wp-json/credzu/v1/create-lead \
  -H "Authorization: Credzu-Key pk_live_abc123xyz789" \
  -H "Content-Type: application/json" \
  -d '{
    "first_name": "John",
    "last_name": "Smith",
    "email": "[email protected]",
    "phone": "555-123-4567"
  }'

Getting Your API Key

Each referral partner receives:
  • Production API key - For live transactions
  • Sandbox API key (optional) - For testing
Contact Credzu to obtain your API credentials. Keys can be rotated at any time by Credzu staff.
Keep your API keys secure. Never share them in public repositories, client-side code, or unsecured channels.

Environments

EnvironmentBase URLPurpose
Productionhttps://credzu.com/wp-json/credzu/v1Live data, real credit scans, actual escrow transactions
Sandboxhttps://sandbox.credzu.com/wp-json/credzu/v1Test data, simulated events, mock score updates
Always use the sandbox environment for initial integration testing before going live.

Security Requirements

Transport Security

  • HTTPS required - All API requests must use HTTPS
  • TLS 1.2+ - Minimum TLS version supported

Data Protection

Partners must protect:
  • API keys
  • Returned lead IDs
  • Any score or milestone data received via webhooks
No full credit reports are exchanged via API. All sensitive credit data remains inside Credzu’s secure environment.

Authentication Errors

If the API key is invalid or missing, requests will fail with an AUTH_FAILED error: 
{
  "success": false,
  "error": {
    "code": "AUTH_FAILED",
    "message": "Invalid API key"
  }
}
Common causes:
  • Missing Authorization header
  • Incorrect key format (must use Credzu-Key prefix)
  • Expired or revoked API key
  • Using production key on sandbox or vice versa