Skip to main content
All requests to the Cadana API must be authenticated using a Bearer token in the Authorization header. All requests must be made over HTTPS.
Bash
curl -X GET 'https://api.cadanapay.com/v1/users' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_API_KEY'
Generate and manage your API keys from the Cadana Dashboard under Settings > Developers.

Token Types

Org API Token

System-level token scoped to a single organization. Use this for backend integrations where your server makes API calls on behalf of the business.
  • Access to all resources within the organization
  • Never expose in client-side code
  • Can be bound to specific IP addresses for added security

Platform API Token

Cross-organization token for multi-tenant platforms. Grants access to the primary organization and any businesses created through the Platform API.
  • Requires special enablement — contact your account manager
  • Business-specific calls require the X-MultiTenantKey header
Bash
curl -X GET 'https://api.cadanapay.com/v1/users' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer PLATFORM_TOKEN' \
  -H 'X-MultiTenantKey: cad95193904'
See Multi-Tenant Setup for the full platform integration guide.

User Token

Token scoped to an individual end-user (admin, employee, or contractor). Grants access only to that user’s resources.
  • Valid for 1 hour
  • Designed for frontend API calls (browser or mobile)
See Custom Authentication for generating user tokens via SSO.

Public API Key

Client-side key for embedded widgets (prefix cdpk_). Only grants access to public-facing resources like the salary calculator.
  • Safe to include in client-side code
  • Restricted by domain whitelisting
See Gross-to-Net Salary Calculator for usage.

Environments

EnvironmentBase URL
Productionhttps://api.cadanapay.com
Sandboxhttps://dev-api.cadanapay.com
API keys are environment-specific. Production keys do not work in sandbox and vice versa. See Sandbox & Testing for details.