Authentication
API key format, headers, response envelope, and common error behavior.
API key header
Every documented route in this reference requires the X-API-KEY header.
X-API-KEY: netconnect_live_your_secret_hereValid prefixes are:
netconnect_live_netconnect_test_
If the header is missing, malformed, revoked, or unknown, the API returns 401 Unauthorized.
Response envelope
Successful responses use:
{
"success": true,
"data": {}
}Error responses use:
{
"success": false,
"error": {
"message": "Invalid API key",
"code": "UNAUTHORIZED"
}
}Common error codes
| Code | Meaning |
|---|---|
UNAUTHORIZED | Missing or invalid API key |
INVALID_JSON | Request body is not valid JSON |
NOT_FOUND | Route shape or resource path is invalid |
PROFILE_NOT_FOUND | Authenticated profile could not be resolved |
ORDER_NOT_FOUND | Order does not exist or does not belong to the API key owner |
PACKAGE_NOT_FOUND | Package does not exist |
TOPUP_REQUEST_FAILED | Top-up mutation rejected the request |
BUY_DATA_FAILED | Single data bundle order failed validation or creation |
BUY_DATA_BULK_FAILED | Bulk data bundle order failed validation or creation |
RC_WALLET_BUY_FAILED | Result checker single-wallet purchase failed |
RC_WALLET_BULK_BUY_FAILED | Result checker bulk-wallet purchase failed |
CORS behavior
The public API allows:
GETPOSTOPTIONS
Allowed headers:
Content-TypeX-API-KEY
Quick probe
Use the profile route as the first connectivity check when a new partner is wiring access.
curl -X GET "https://api.netconnectgh.online/api/v1/profile" \
-H "X-API-KEY: netconnect_live_your_secret_here" \
-H "Content-Type: application/json"