What are the API keys and what are they used for?

Smartpay authenticates your API requests using your account's API keys. If you don't include your key when making an API request, Smartpay will return an error.

Every account has separate keys for testing and for running live transactions. All API requests in either test or live mode, and objects in one mode are not compatible for operations with the other mode.

Next to the test and live mode of API keys, they also have a type: public or secret

  • Public: these API keys are meant solely to identify your account with Smartpay, they aren’t secret. In other words, you can safely publish them in places like your Smartpay.js JavaScript code, or in an Android or iPhone app.

  • Secret: You must keep your secret API keys confidential and only store them on your own servers. You must not share your secret API key with any third parties. Your account’s secret API key can perform any API request to Smartpay without restriction. If Smartpay believes that your secret API key has been compromised, we may cancel and reissue it, potentially resulting in an interruption to your Smartpay services.

Every live Smartpay merchant has a total of four keys: a publishable and secret key pair for both test mode and live mode.

Your Smartpay API keys can be found on your Smartpay Dashboard, under the settings > credential page.