API Keys and Integration Settings¶
The validity of the API keys is open-ended, but at any time you can revoke any key and generate a new one.
Public API and Checkout API¶
The keys for API access in live mode are called Live Keys.
Transactions that are performed via API with live keys affect the balances of the account. So be careful and use only Test Keys for test integration.
Initial integration with API is going with the use of the public keys (the public test key—for test transactions, the public live key—for live mode).
All incoming Callbacks have a digital signature that allows them to be identified and handled safely. The signature is passed to HTTP header with the 'X-Signature' key using an algorithm with a private key.
To system handle Callback requests accurately, a Public Key must match with Private Key for the Live/Test mode.
callback_url is the link to which the Callbacks duplicate with notifications of changes in payment status. If it is not set, you can send Callbacks from the dashboard. Go to Transaction overview > Callbacks, select the callback and resend it.
We use Private API and standard HTTP Basic authorisation to direct interaction between servers with Commerce Account ID as a login, and API Key as a password.
To enhance your account's security, we recommend you fill in the IP whitelist (the list of IP addresses that are allowed access to Private API). If the white list is not filled in, access to the private API is determined only by the concurrence of your Commerce Account ID and API Key.