API keys

Use API keys to authenticate API requests

Secret keys​

All accounts have API keys by default. You can find your secret key on the API keys block in the Merchant Account.

Keep your keys safe​

Your secret API key can be used to make any API call on behalf of your account, such as creating a charge or performing a refund. Use the following best practices to keep your keys safe:

  • Grant access only to those who need it.
  • Ensure the key is kept out of any version control system you might be using.
  • Control access to your key using a password manager or secrets management service.
  • Don’t embed your secret API key in mobile applications or other places from where the key could be extracted.