Use API keys to authenticate API requests
Secret keys
All accounts have API keys by default. You can find your secret key on the API keys block in the Merchant Account.
Keep your keys safe
Your secret API key can be used to make any API call on behalf of your account, such as creating a charge or performing a refund. Use the following best practices to keep your keys safe:
- Grant access only to those who need it.
- Ensure the key is kept out of any version control system you might be using.
- Control access to your key using a password manager or secrets management service.
- Don’t embed your secret API key in mobile applications or other places from where the key could be extracted.