Authentication & Headers

UMVA API Authentication

The UMVA API uses a key pair for authentication. To make an authenticated request to the API, you must include the appropriate headers as described below.

Obtain the Keys:

Merchants: Merchants are required to use both Public and Secret Keys. These can be copied from the merchant dashboard under the specific merchant account details: https://umva.net/merchant/business/api/key. Please ensure that your keys are stored safely and not shared publicly. If your keys are compromised, contact UMVA immediately for assistance. You can also regenerate the Secret Key from your merchant account dashboard.

Non-Merchants and Referral Programs: Only API Keys are required, which can be obtained here: https://umva.net/user/api-keys.

Request Headers: For most API requests, only the Public Key header is required. Situations that require the Secret Key header will be indicated in the documentation.

Header Name Value Required
Content-Type application/json YES
x-api-version API version (currently 1) YES
X-API-Key The API Key as obtained from the merchant account or user API keys YES
Authorization Bearer <your_api_key> (Alternative to X-API-Key) NO

DOMAIN MANAGEMENT API

Base URL: https://umva.net/api/domain

Authentication & Permissions: Ensure your API keys have the 'domain' or 'all' permission scope to access these endpoints. All API requests that involve charges will securely deduct from your USD currency wallet balance. If you do not have a USD wallet, one will be created automatically. If your USD balance is insufficient to cover a requested operation, the request will immediately fail with an HTTP 400 error. Every successful charge generates a corresponding financial transaction record in your account history (e.g., domain_registration_api, domain_renewal_api).

Standard Response Formats

All successful responses follow this JSON structure:

{
  "success": true,
  "message": "Action successful description.",
  "data": { ... } // Optional extra data
}

Error responses follow this structure (typically returning HTTP status 400, 404, 500, or 503):

{
  "success": false,
  "message": "Error description."
}