Authentication
How to authenticate requests using your API key.
All API requests must include a valid API key in the X-API-Key header.
API key format
Sandbox keys follow this format:
sk_sbx_{uuid}_{secret}You will receive your API key when your sandbox account is provisioned. The key is shown once — store it securely.
Making a request
Pass your API key in the X-API-Key header:
curl -X POST https://sandbox-api.callplus.be/api/v1/simulations \
-H "Content-Type: application/json" \
-H "X-API-Key: sk_sbx_550e8400-e29b-41d4-a716-446655440000_your_secret_here" \
-d '{
"accountingFirm": {
"name": "Example Accounting",
"companyNumber": "0123.456.789"
},
"accountant": {
"firstName": "Jean",
"lastName": "Dupont",
"email": "[email protected]"
},
"company": {
"name": "Super Company",
"companyNumber": "0987.654.321",
"corporateTaxRate": 0.25,
"socialContributionsPaidByCompany": true,
"vatRegistered": true
},
"beneficiary": {
"firstName": "Alice",
"lastName": "Martin",
"email": "[email protected]"
},
"plan": {
"referenceSalary": 50000.00,
"benefitInKind": 12500.00,
"type": "FULL"
}
}'Error responses
Missing or invalid API key:
HTTP 401{
"success": false,
"requestId": "...",
"error": {
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
}Suspended account:
HTTP 403{
"success": false,
"requestId": "...",
"error": {
"code": "FORBIDDEN",
"message": "Tenant account is suspended"
}
}Security best practices
- Never expose your API key in client-side code, public repositories, or logs.
- Rotate your key immediately if you suspect it has been compromised — contact the Call+ team.
- Use environment variables to store keys in your application.
Updated about 1 month ago