API Keys
This section describes what API keys are and how to retrieve them.
Xpresspay authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, Xpresspay returns an error.
All API requests exist in either test or live mode, and one mode cannot be manipulated by data in the other. To get your live and test API keys sign up here
There are also two types of API keys: public and secret.
Public API keys are meant solely to identify your account with Xpresspay, they aren’t secret. In other words, they can safely be published in places like your Xpresspay JavaScript code, or in an Android or iPhone app. Publishable keys only have the power to create a transaction.
Secret API keys should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Xpresspay without restriction.
-Encryption Key is meant to be used in Android SDK integrations, and other mobile integrations where storing the secret key is not allowed.
Obtaining your API Keys
Your API keys are available in the Dashboard by navigating to Settings - > API.
Updated almost 5 years ago