Clausum uses Bearer authentication:
Authorization: Bearer <your_key_or_token>
Partner API requests target your assigned API base URL ($CLAUSUM_API_BASE). Clausum support delivers the hostname when your workspace is provisioned — see Access & environments.

Three key types (plain names)

In the dashboard (Integraciones → Claves de integración) you will see friendly labels. The prefix on the key is technical only.
| You need… | Dashboard name | Prefix | Typical use |
| --- | --- | --- | --- |
| Risk before payment in web/app | Checkout (browser) | clm_pub_ | SDK, POST /api/v1/assess from client |
| Backend integration | Server (backend) | clm_sk_ | Assess, report fraud, merchant API |
| Pipe events into Clausum | Event ingest | clm_wh_ | POST /api/webhooks/ingest only |

Checkout

clm_pub_* — limited to assessment. Safe in the browser.

Server

clm_sk_* — server only. Never ship to clients.

Event ingest

clm_wh_* — not for checkout or merchant API.
Create and revoke keys under Integraciones → Claves de integración in the sandbox app (or your assigned hostname).
Clausum shows each key once at creation. Store it in a secrets manager. Revocation in the dashboard is immediate.

Using a key

curl "$CLAUSUM_API_BASE/api/v1/assess" \
  -H "Authorization: Bearer clm_sk_xxx" \
  -H "Content-Type: application/json" \
  -d '{ "amount": 1000, "currency": "USD" }'
Prefer the Authorization header over api_key query parameters (query strings may appear in logs).
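
A build-time check for the two handling rules above: server and ingest keys must not reach client code, and keys should not travel in query strings. This is an added example, not Clausum code; the key-body pattern, the function names and the sample bundle are assumptions constructed for illustration.

```python
import re

# Assumption: the part after the prefix is 8+ URL-safe characters.
# The page documents only the prefixes, not the full key format.
KEY_RE = re.compile(r"\b(clm_(?:pub|sk|wh)_)([A-Za-z0-9_-]{8,})")
# An api_key query parameter carrying any Clausum key (ends up in access logs).
QUERY_RE = re.compile(r"[?&]api_key=(clm_(?:pub|sk|wh)_)[^&\s\"']+")

# Only the checkout prefix is described as safe in the browser.
CLIENT_SAFE = {"clm_pub_"}

# Constructed sample of a client bundle; none of these keys are real.
SAMPLE_BUNDLE = '''\
const clausum = init({ key: "clm_pub_Zx81kQpL20aa" });
fetch(base + "/api/v1/report-fraud", { headers: { Authorization: "Bearer clm_sk_9fQ2mT7cVb4Xe0Lp" } });
fetch(base + "/api/v1/assess?api_key=clm_pub_Zx81kQpL20aa");
// docs placeholder: clm_sk_xxx
'''


def redact(prefix, secret):
    """Keep the prefix and last 4 characters so the finding never exposes the key."""
    return f"{prefix}...{secret[-4:]}"


def scan_client_artifact(name, text):
    """Return (file, line, issue, redacted key) for text that ships to browsers or apps."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in KEY_RE.finditer(line):
            prefix, secret = m.groups()
            if prefix not in CLIENT_SAFE:
                findings.append((name, lineno, "server-side key in client code",
                                 redact(prefix, secret)))
        for m in QUERY_RE.finditer(line):
            findings.append((name, lineno, "key passed in query string",
                             m.group(1) + "..."))
    return findings


if __name__ == "__main__":
    for finding in scan_client_artifact("bundle.js", SAMPLE_BUNDLE):
        print(*finding, sep=": ")
    # A non-empty result should fail the build; revoke any exposed key in the dashboard.
```
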

Permissions (server keys)

Permissions look like resource:action (e.g. fraud:report). * means full access for that key type.
| Endpoint | Key type | Permission |
| --- | --- | --- |
| POST /api/v1/assess | Checkout or server | assess (or *) |
| POST /api/v1/report-fraud | Server only | fraud:report |
| GET/POST /api/v1/merchant/* | Server only | e.g. transactions:read |
| POST /api/webhooks/ingest | Event ingest (clm_wh_) | valid ingest key |

Dashboard session (not API keys)

Dashboard routes (blocklists, cases, team, …) use a Supabase JWT after sign-in at sandbox.clausum.ai, not clm_pub_ / clm_sk_.

Errors

| Status | Meaning |
| --- | --- |
| 401 | Missing, invalid, disabled, or revoked key |
| 403 | Wrong key type (e.g. checkout key on merchant API) or missing permission |
| 429 | Rate limit exceeded |
See Errors and API keys.