Authentication

How to authenticate your API requests and API Keys

Requests to IntaSend requires authentication. IntaSend provides two types of keys

  • Public/Publishable Key (Prefixed with ISPubKey_)
  • Private/Secret Key (Prefixed with ISSecretKey_)

The keys are unique for every account and also indicates the environment from which it was obtained. The environments are test and live.

Test keys (with keyword **test**) are for use in the sandbox environment while the ones with **live** keyword strings must be used only in live environment.

❗️

You must secure the secret key at all cost

Secret keys must only be added at the backend and should not be exposed on the frontend. If your integration does not need use of secret key e.g the checkout link API which needs only the public key to generate, we recommend that you do not generate the secret key.

The Secret key must never be shared and must be stored securely. We recommend using 12 Factor App concept, where sensitive information like the Private/Secret key must be kept in an environment variable and not hard-coded in the configuration files.

How to generate the API Keys

The API keys are obtained on your dashboard. The public key is readily available while the secret key must be generated and only if needed. Please check the API you are working with to verify if it needed the secret key to complete the authentication.

Public/Publishable Keys are safe to add at the frontend of your app/website. The publishable keys are only used to identify your business during the checkout links setup. The secret keys are able to do more i.e refunds, send money, create wallets etc.

All the above keys can be found under your account integrations - settings - API Keys tab, sandbox environment, live environment

How to authenticate your requests (REST API)

When sending requests that requires authentication, the secret key is needed.

To authenticate your request, send the secret key in the Authorization header with the Bearer Prefix

POST https://payment.intasend.com/api/v1/[protected-resource]
Authorization: Bearer [ADD-YOUR-SECRET-KEY]

In order to protect your account, we recommend requests to IntaSend and your servers must be secure and encrypted (HTTPS).

Authentication for Node, PHP, Python and other libraries

When working with the IntaSend's SDK tools, authentication process has been simplified for you. You simply need to provide your secret token and you are good to go. Here are code examples on how to authenticate (Libraries and SDKs) .