Skip to content

API keys

Last updated: 29th June 2022

Manage your keys in the Dashboard

In the Developers page, you can:

  • list and view your keys
  • create new keys
  • edit or delete existing keys

You can view or create keys with the Developer permission. For edit or delete, you must have the Owner permission.

If you're using an e-commerce platform, you need to assign only one processing channel to your public and secret API keys.


Public keys

Public keys are used for client-side authentication and only have access to a limited set of our APIs – mostly those called as part of your payment environment. You'll use them when tokenizing card information through Frames or for Google Pay, and in our Mobile SDKs and E-commerce Platforms.


Secret keys

Secret keys are used for server-to-server authentication and are supported across most of our endpoints (see our API reference). If you want to use key authentication on an endpoint where it isn't specified in our API reference, please email support@checkout.com.

You can choose how you want your secret keys configured:

  • A single key that has access to all of the APIs you want to use.

  • Multiple keys each one with access to a specific set of APIs you will use.

Multiple key use case

For example, you might have separate systems for processing payments and managing disputes. Each one has different security requirements, and you don't want the disputes management system to have access to any sensitive information about payment processing. To keep them separate, you could have one secret key to access our Unified Payment API for payment processing, and a second secret key that only has access to our Disputes API for disputes management.


Using API key authentication

To use an API key in your request, you should provide it in the Authorization header with the Bearer Prefix.

Request example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
curl --location --request POST 'https://api.sandbox.checkout.com/payments/' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer sk_sbox_wjvrysklsqjmrhn3yoexnshsl72' \
--data-raw '{
"source": {
"type": "card",
"number": "4242424242424242",
"expiry_month": 12,
"expiry_year": 2025
},
"amount": 100,
"currency": "EUR",
"reference": "ORD-175-759"
}'