Who Am I
GET
/v1/auth/whoamiOptionalIntrospect the authenticated subject from the verified API key. Reports whether the caller is a merchant or a submerchant and its scope.
Authentication
Signature Pattern
HMAC-SHA256(secretKey, "{timestamp}\nGET\n/v1/auth/whoami\n{sha256(\"\")}")| Header | Value | Description |
|---|---|---|
X-Api-Key | pk_live_a1b2c3d4e5f6g7h8 | Merchant public API key |
X-Signature | {hmac_sha256_hex} | Hex HMAC-SHA256 request signature |
X-Timestamp | 2026-04-13T10:00:00Z | ISO 8601 UTC request time (±5 min) |
Response Parameters
| Field | Type | Example |
|---|---|---|
subjectScope | string | "merchant" |
merchantId | string | "mrc_8a1b2c3d4e5f" |
apiKeyId | string | "key_708192a3b4c5" |
Response Example
JSONResponse
{
"subjectScope": "merchant",
"merchantId": "mrc_8a1b2c3d4e5f",
"apiKeyId": "key_708192a3b4c5"
}Status Codes
200Success
201Created
400Bad Request
401Unauthorized
404Not Found
429Rate Limited
Try itMock
GEThttps://api.pay.sandbox.kvell.group