API Development And
Integration Guid
Headers & Environments
Efficient and secure API integration relies on meticulous management of HTTP headers and environment configurations. The following sections break down the essential headers and environmental setup required when working with WUPEX.
Environments Overview
WUPEX supports two distinct environments:
- Sandbox (Testing Environment)
- Base URL: https://sandbox-service.wupex.com
- Intended for development and testing, without using real data or generating actual charges.
- Production (Live Environment)
- Base URL: https://service.wupex.com
- Used for processing real orders and managing actual inventory.
Important: Always use a sandbox-issued API key for testing and switch to a production-issued API key when moving to live mode. This separation helps prevent accidental use of real data during development.
Required Global Headers
Every WUPEX API request must include the following HTTP headers:
- x-api-key: Your unique API key (sandbox or production)
- Accept-Language: en-US (for consistent language formatting)
- Content-Type: application/json (for POST/PUT requests with JSON body)
Example (cURL):
make file
curl -X POST https://service.wupex.com/api/product/merchant/invited/list \
-H "x-api-key: YOUR_API_KEY" \
-H "Accept-Language: en-US" \
-H "Content-Type: application/json" \
-d '{"page":1,"pageSize":20}'
Why These Headers Matter
- x-api-key
- Used for authentication and access control. Recommended practice is to include API keys in headers, not in URLs or request bodies, to reduce exposure risk
- Accept-Language
- Ensures responses maintain consistent formatting in en-US. Controls localization of date/time or currency formats if supported. Using headers for locale is preferable to embedding such data in payloads.
- Content-Type
- Mandatory for JSON request bodies to signal proper parsing (application/json).
- HTTPS
- All communications must use HTTPS to encrypt headers and prevent credential leakage. Avoid sending sensitive data via URLs or query strings
Headers Security Best Practices
- Store Keys Securely
Use environment variables or secret managers (e.g., AWS Secrets Manager, Vault). Avoid hard-coding or committing keys to source code.
- Do Not Expose to Client-side
Keep API keys only on server-side. Calls from client apps (JS, mobile) risk exposing your keys to end users
- Rotate Keys Regularly
Rotate every 30–90 days and immediately revoke any leaked or unused keys
- Use Custom Headers Over URL
Placing x-api-key in headers is safer and aligns with HTTP best practices, avoiding exposure in logs or caches
- Leverage Supplemental Headers (Optional)
For advanced integration and observability, include headers like:
X-Request-ID or X-Trace-ID for tracking across microservices.
CORS or proxy-specific headers if needed.
Example Integration Snippets
Node.js (Fetch):
js
fetch(`${baseUrl}/api/product/merchant/invited/list`, {
method: "POST",
headers: {
"x-api-key": process.env.WUPEX_API_KEY,
"Accept-Language": "en-US",
"Content-Type": "application/json"
},
body: JSON.stringify({ page:1, pageSize:20 })
});
Python (Requests):
py
import requests
headers = {
"x-api-key": os.getenv("WUPEX_API_KEY"),
"Accept-Language": "en-US",
"Content-Type": "application/json"
}
resp = requests.post(f"{base_url}/api/customer/balance", headers=headers)
Java (HttpClient):
java
HttpRequest req = HttpRequest.newBuilder()
.uri(URI.create(baseUrl + "/api/order/list"))
.header("x-api-key", apiKey)
.header("Accept-Language", "en-US")
.header("Content-Type", "application/json")
.POST(HttpRequest.BodyPublishers.ofString("{...}"))
.build();
Summary
- Use x-api-key, Accept-Language, and Content-Type headers in every request.
- Store keys securely on the server-side.
- Always use HTTPS and avoid sending sensitive data in URLs.
- Include tracking headers if your system supports tracing.
- Maintain environment separation to prevent key leaks.
This structured and secure setup will ensure consistent communication and secure integration across both Sandbox and Production environments.
Get Started
Product API
Order API
Customer API
Common Parameters & Headers
Error Handling & Status Codes (Optional)
Postman Collection & Tools (Optional)
Let’s Boost Your
Business Efficiency
Say goodbye to delays, fraud, and complex setups—our solution is built for speed and trust.
Get Latest News for Free!
Sign up to get product updates, new partner alerts, and
exclusive API insights
exclusive API insights
No spam. Unsubscribe anytime
Why WUPEX?
Partners
- Apple
- PSN
- Razer Gold
- Xbox
- PUBG
- Steam
- Jawaker
- Roblox
- Fornite
- Minecraft
- Yalla Ludo
- FC Mobile
- Freefire
Industries
- Banks & Fintech
- Retail & eCommerce
- Payment Gateways
- Telecom & Wallets
- Gaming & Esports
- Corporate Gifting
Resources
Company
Downloads
Features
- Seamless Integration
- Secured API
- Real-Time Delivery
- Bulk Digital Gift Cards
- Fraud Prevention
- Global Brand Access
Support
- Get Started
- Customer Support
- Portal Guide
- API Integration Guide
- Help Center
Why WUPEX?
Partners
- Apple
- PSN
- Razer Gold
- Xbox
- PUBG
- Steam
- Jawaker
- Roblox
- Fornite
- Minecraft
- Yalla Ludo
- FC Mobile
- Freefire
Industries
- Banks & Fintech
- Retail & eCommerce
- Payment Gateways
- Telecom & Wallets
- Gaming & Esports
- Corporate Gifting
Features
- Seamless Integration
- Secured API
- Real-Time Delivery
- Bulk Digital Gift Cards
- Fraud Prevention
- Global Brand Access
Support
- Get Started
- Customer Support
- Portal Guide
- API Integration Guide
- Help Center
Copyright © 2024 WUPEX | All Rights Reserved.