API keys
Last updated: June 29, 2022
Sign in to the Dashboard.
Select the Developers icon in the top navigation bar and open the Keys tab. From here, you can:
- List and view your keys.
- Create new keys.
- Edit or delete existing keys.
Any user with Developer or Admin permissions can view or create keys, but only users with the Owner permission are able to edit or delete existing keys.
See our Developers documentation for more information.
Information
If you're using an ecommerce platform, you need to assign only one processing channel to your public and secret API keys.
Public API keys are used for client-side authentication and only have access to a limited set of our APIs – mostly those called as part of your payment environment. You'll use them when tokenizing card information through Frames or for Google Pay, and in our mobile SDKs and ecommerce platforms.
Secret API keys are used for server-to-server authentication and are supported across most of our endpoints (see our API reference). If you want to use key authentication on an endpoint where it isn't specified in our API reference, please email [email protected].
You can choose how you want your secret API keys configured:
- A single key that has access to all of the APIs you want to use.
- Multiple keys, each of which has access to a specific set of APIs you will use.
Note
Store your secret API keys securely, as they can be used to perform sensitive actions through the API. Any exposure of your secret API keys puts your account security at risk.
For example, you might have separate systems for processing payments and managing disputes. Each one has different security requirements, and you don't want the disputes management system to have access to any sensitive information about payment processing. To keep them separate, you could have one secret key to access our API for payment processing, and a second secret key that only has access to our Disputes API for disputes management.
To use an API key in your request, you should provide it in the Authorization header with the Bearer prefix.
curl --location --request POST 'https://api.sandbox.checkout.com/payments/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer sk_sbox_wjvrysklsqjmrhn3yoexnshsl72' \
--data-raw '{
  "source": {
    "type": "card",
    "number": "4242424242424242",
    "expiry_month": 12,
    "expiry_year": 2025
  },
  "amount": 100,
  "currency": "EUR",
  "reference": "ORD-175-759"
}'
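The key handling described above, as an added example that is not part of the original page or Checkout.com's own code: one secret key per system, read from the environment and sent in the Authorization header without appearing on the command line. The function names and the CKO_*_SECRET_KEY variable names are assumptions made for this sketch.

```shell
# Added example. Function and environment variable names are hypothetical.

# Return the secret key for one system. Each system has its own key, so the
# disputes system never holds the payments key. Fails if the key is not set.
cko_key_for() {
  case "$1" in
    payments) key=${CKO_PAYMENTS_SECRET_KEY:-} ;;
    disputes) key=${CKO_DISPUTES_SECRET_KEY:-} ;;
    *) echo "unknown system: $1" >&2; return 2 ;;
  esac
  if [ -z "$key" ]; then
    echo "no secret key configured for $1" >&2
    return 1
  fi
  printf '%s' "$key"
}

# Print curl config lines carrying the request headers. curl reads these from
# stdin (--config -), so the key is not visible in argv (ps) or shell history.
cko_curl_config() {
  secret=$(cko_key_for "$1") || return $?
  printf 'header = "Content-Type: application/json"\n'
  printf 'header = "Authorization: Bearer %s"\n' "$secret"
}

# Form of a key that is safe to write to logs: 8-character prefix only.
cko_redact() {
  printf '%s***' "$(printf '%s' "$1" | cut -c1-8)"
}

# POST the JSON body stored in file $1 to the sandbox payments endpoint shown
# on the page. The config is built first so a missing key stops the request
# instead of sending it unauthenticated. The body is read from a file so card
# data stays out of argv as well.
cko_post_payment() {
  cfg=$(cko_curl_config payments) || return $?
  printf '%s\n' "$cfg" | curl --silent --show-error --config - \
    --request POST 'https://api.sandbox.checkout.com/payments/' \
    --data-binary "@$1"
}
```

Set the variables from your secret store at process start, for example `CKO_PAYMENTS_SECRET_KEY` only on the payments host and `CKO_DISPUTES_SECRET_KEY` only on the disputes host.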