Skip to main content

Authorization

Follow this guide to create a new Paddle credential that will allow Nexla to authenticate to and exchange data with your Paddle account.
paddle_api_auth.png

Paddle

Prerequisites

To connect Nexla to Paddle, you need an active Paddle account and an API key. Paddle uses API key authentication with Bearer token authorization—your API key is sent as a Bearer token in the Authorization header of every request.

Paddle maintains two completely separate environments: Sandbox (for testing) and Production (for live transactions). Each environment has its own distinct API keys, base URL, and data set. Keys are not interchangeable between environments.

  • Sandbox base URL: https://sandbox-api.paddle.com
  • Production base URL: https://api.paddle.com

Create a Paddle Account

If you do not already have a Paddle account, register at paddle.com. For sandbox testing, create a separate sandbox account at sandbox-vendors.paddle.com.

Generate a Paddle API Key

Paddle API keys are 69 characters long and are prefixed with pdl_apikey_. Sandbox API keys are prefixed with pdl_sdbx_apikey_.

  1. Sign in to your Paddle dashboard. For the production environment, sign in at vendors.paddle.com. For the sandbox environment, sign in at sandbox-vendors.paddle.com.

  2. Navigate to Developer Tools in the left-hand navigation menu, and select Authentication.

  3. Click on the API keys tab.

  4. Click the Generate API Key button (or New API Key, depending on your dashboard version).

  5. Provide a descriptive Name for the key so you can identify it later (for example, Nexla Integration).

  6. Optionally, set an Expiry date for the key. By default, keys expire 90 days from the date of creation. Setting an appropriate expiry date and rotating keys regularly is recommended for security.

  7. Review and configure the key's Permissions. Paddle API keys support scoped permissions—select only the permissions that are necessary for your intended use with Nexla (for example, read access to transactions, subscriptions, products, and customers).

  8. Click Save (or Create) to generate the key.

  9. Copy the API key value immediately and store it securely. Paddle will only display the full API key value once at the time of creation. After navigating away, you will no longer be able to view the key value.

Important

Store your Paddle API key in a secure secrets manager or environment variable. Never embed it directly in code or share it with untrusted parties. If a key is compromised, revoke it from the Paddle dashboard and generate a new one.

For complete information about Paddle API key management—including scoped permissions, key rotation, and revocation—see the Paddle API Keys documentation.

Create a Paddle Credential

  • To create a new Paddle credential, after selecting the data source/destination type, click the Add Credential tile to open the Add New Credential overlay.

Credential Name & Description

  1. Enter a name for the credential in the Credential Name field and a short, meaningful description in the Credential Description field.

    Resource descriptions are recommended but are not required. They should be used to provide information about the resource purpose, data freshness, etc. that can help the owner and other users efficiently understand and utilize the resource.

API Key Authentication

Paddle uses API Key Authentication with a Bearer token scheme. Your API key is sent in the Authorization header as Bearer <your_api_key> with every request.

  1. Enter your Paddle API key in the API Key Value field. This is the 69-character key prefixed with pdl_apikey_ (production) or pdl_sdbx_apikey_ (sandbox) that you generated in the Paddle dashboard. This value will be stored securely and used as the Bearer token for all API requests made by Nexla.

  2. Select the Base URL that corresponds to the Paddle environment you want to connect to:

    • Sandbox (https://sandbox-api.paddle.com): Use this option for testing and development. The sandbox environment is completely isolated from production data, allowing you to test integrations without affecting live transactions.

    • Production (https://api.paddle.com): Use this option for live, real-world data. All API calls will interact with your production Paddle account and real customer transactions.

    Sandbox and production environments have separate accounts, separate API keys, and separate datasets. A sandbox API key will return a forbidden error if used against the production base URL, and vice versa. Ensure the Base URL you select matches the environment your API key was generated in.

Save the Credential

  1. Once all of the relevant steps in the above sections have been completed, click the Save button at the bottom of the overlay to save the configured credential.

  2. The newly added credential will now appear in a tile on the Authenticate screen during data source/destination creation and can be selected for use with a new data source or destination.