Requests to IntaSend requires authentication. IntaSend provides two types of keys
- Public/Publishable Key (Prefixed with ISPubKey_)
- Private/Secret Key (Prefixed with ISSecretKey_)
The keys are unique for every account and also indicates the environment from which it was obtained. The environments are test and live.
You must secure the secret key at all cost
Secret keys must only be added at the backend and should not be exposed on the frontend. If your integration does not need use of secret key e.g the checkout link API which needs only the public key to generate, we recommend that you do not generate the secret key.
The Secret key must never be shared and must be stored securely. We recommend using 12 Factor App concept, where sensitive information like the Private/Secret key must be kept in an environment variable and not hard-coded in the configuration files.
The API keys are obtained on your dashboard. The public key is readily available while the secret key must be generated and only if needed. Please check the API you are working with to verify if it needed the secret key to complete the authentication.
Public/Publishable Keys are safe to add at the frontend of your app/website. The publishable keys are only used to identify your business during the checkout links setup. The secret keys are able to do more i.e refunds, send money, create wallets etc.
When sending requests that requires authentication, the secret key is needed.
To authenticate your request, send the secret key in the Authorization header with the Bearer Prefix
POST https://payment.intasend.com/api/v1/[protected-resource] Authorization: Bearer [ADD-YOUR-SECRET-KEY]
In order to protect your account, we recommend requests to IntaSend and your servers must be secure and encrypted (HTTPS).
When working with the IntaSend's SDK tools, authentication process has been simplified for you. You simply need to provide your secret token and you are good to go. Here are code examples on how to authenticate (Libraries and SDKs) .
Updated 12 months ago