API Access Set-up

In order to access our APIs, you must first create an API key. Your account's API keys are used to authenticate requests to our APIs. API keys can be created and managed by your account's Merchant Administrator under the Administration > API Keys tab.

Only the Merchant Administrator of an account is permitted to manage an account's API keys.

Once logged into your account, click the Administration tab, followed by the API Keys sub-tab.

Secret API Key

Clicking the Create Initial Secret API Key button will generate your first secret API key. You must copy the generated key value before saving as your API key itself is never stored anywhere on our systems. If you lose it, we cannot retrieve it for you.

Once you have created the key, you are ready to use it with our APIs.

Security

Possession of your secret key grants the ability to create payments or orders on any of the terminals within your account. As such, it is very important that you keep your secret API keys secure and do not make them publicly available by accidentally adding them to client side code, or checking them in to a code repository.

Shareable API Key

Your secret API key is designed to be used from your backend servers and, as mentioned above, it needs to be kept secret. However, in order to use ExactJS Payment Forms, you need to be able to access a sub-set of our APIs direct from a customer's browser, so you will need to create a shareable API key.

This shareable API key has zero access to the Payments API or Tokens API. It cannot create new orders with Orders API, and can only be used to pay for an existing order. With such limited functionality, you can use this key directly from a customer's browser.

Clicking the Create Initial Shareable API Key button will generate your first shareable API key. You must copy the generated key value before saving as your API key itself is never stored anywhere on our systems. If you lose it, we cannot retrieve it for you.