How do I buy gift cards with cryptocurrency?

Simply connect your Web3 wallet, select a gift card and amount, and pay with your preferred cryptocurrency. Your gift card code will be delivered instantly.

What cryptocurrencies do you accept?

We accept ETH, USDC, USDT, and other major cryptocurrencies on Ethereum, Polygon, Arbitrum, Optimism, and Base networks.

Is KYC required to buy gift cards?

No, we don't require KYC verification. Simply connect your wallet and make a purchase. Your privacy is protected.

How fast is delivery?

Gift card codes are delivered instantly after payment confirmation on the blockchain, typically within seconds to a few minutes.

Which gift cards are available?

We offer 100+ gift cards including Amazon, Steam, Netflix, PlayStation, Xbox, Apple, Spotify, Uber, and many more popular brands.

Are the gift cards region-locked?

Most gift cards are available globally, but some may be region-specific. Check the card details page for availability in your region.

Authentication

All API requests to monterrey.app require authentication using an API key. This guide covers how to obtain and use your API keys securely.

API Keys

monterrey.app uses API keys to authenticate requests. You can create and manage your API keys in the Developer Portal.

Key Types

Type	Prefix	Usage
Live	`mk_live_`	Production payments with real funds
Test	`mk_test_`	Development and testing on testnets

Using Your API Key

Include your API key in the X-API-Key header of every request:

curl https://api.monterrey.app/v1/payments \
  -H "X-API-Key: mk_live_your_api_key_here" \
  -H "Content-Type: application/json"

SDK Authentication

import { MonterreyClient } from "@monterrey/sdk";

const monterrey = new MonterreyClient({
  apiKey: process.env.MONTERREY_API_KEY,
});

Key Permissions

API keys can have scoped permissions:

Permission	Description
`payments:read`	View payment details and history
`payments:write`	Create new payments
`webhooks:read`	View webhook configurations
`webhooks:write`	Create and manage webhooks
`quotes:read`	Get price quotes

Security Best Practices

Never expose API keys in client-side code. Always make API calls from your server.
Use environment variables. Store keys in .env files, not in code.
Rotate keys periodically. Create new keys and revoke old ones regularly.
Use minimal permissions. Only grant the permissions each key needs.
Monitor key usage. Check the Developer Portal for unusual activity.

Error Responses

Authentication errors return a 401 Unauthorized status:

{
  "error": {
    "code": "UNAUTHORIZED",
    "message": "Invalid or missing API key"
  }
}

Rate Limiting

API requests are rate limited to protect the service. Current limits:

100 requests per minute per API key
1000 requests per hour per API key

Rate limit information is included in response headers:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640000000