Requests to IntaSend requires authentication. IntaSend provides two types of keys
- Public/Publishable Key (Prefixed with ISPubKey_)
- Private/Secret Key (Prefixed with ISSecretKey_)
The keys are unique for every account and also indicates the environment from which it was obtained. The environments are test and live.
You must secure the secret key at all cost
Secret keys must only be added at the backend and should not be exposed on the frontend. If your integration does not need use of secret key e.g the checkout link API which needs only the public key to generate, we recommend that you do not generate the secret key.
The Secret key must never be shared and must be stored securely. We recommend using 12 Factor App concept, where sensitive information like the Private/Secret key must be kept in an environment variable and not hard-coded in the configuration files.
The API keys are obtained on your dashboard. The public key is readily available while the secret key must be generated and only if needed. Please check the API you are working with to verify if it needed the secret key to complete the authentication.
Public/Publishable Keys are safe to add at the frontend of your app/website. The publishable keys are only used to identify your business during the checkout links setup. The secret keys are able to do more i.e refunds, send money, create wallets etc.
When sending requests that requires authentication, the secret key is needed.
To authenticate your request, send the secret key in the Authorization header with the Bearer Prefix
POST https://payment.intasend.com/api/v1/[protected-resource] Authorization: Bearer [ADD-YOUR-SECRET-KEY]
In order to protect your account, the Send Money API adds an extra verification using encryption keys and signatures. Basically when a request is initiated, IntaSend will send back a nonce for you to sign using a private key only know to you. On the other end, IntaSend will verify the signature using the public key that you will share with us. This process is only needed when working with Send Money and Disbursements APIs.
Updated 2 months ago