Keys

Speed uses API keys to authenticate requests. These keys are used by the Speed platform to identify the account, and mode you are working on and accordingly allow or restrict access to resources.

Every account has two types of keys: publishable and secret. Each type includes two keys: one for the test environment and one for the live environment.

Every account has two types of keys:

Standard keys: Standard keys have two types: publishable and secret.

Restricted keys: You can configure a restricted API key to allow read or write access to specific API resources.

Each of these three keys has a separate one for the test environment and one for the live environment.

Types of keys

Secret API key

  • Your account's secret key can be used to call almost all objects supported by Speed without any restrictions, such as creating checkout links, checkout sessions, creating payments, or checking the account balance.
  • This should be kept confidential and only used on your server-side code. Learn more about this here.
  • Sample Test Secret key: sk_test_l3o6dqxz6yJrb75Gl7ef0t0ufhhmuOV265zz6eZJST6GnqjK

Publishable API key

  • Publishable API keys are limited to certain endpoints of an object.

  • Using the publishable key, you can access a number of functionalities of Speed.js. For example, create a checkout session so that your customer can make a payment.

  • While we recommend using a secret key for maximum security, here, you can use the publishable key in the client-side code of your web or mobile app.

  • Sample Test Publishable key: pk_test_l3o6d77z6yJrbuCGl7ef0s9nsuR5kWPyvNhOteD7O58hieSR

Restricted API key

  • To limit API access, generate restricted API keys that grant specific read or write permissions for certain API resources.
  • When utilizing microservices that interact with the API on your behalf, create restricted keys that provide only the necessary access required by those microservices.
  • You will be asked for the following information when you select "Create Restricted Key.”
    • Key name
    • Description
    • Resource type
  • Resource type includes Bucket list and its Resource.
  • Bucket List:
    • A bucket is a collection of resources with module-specific API.
  • Resource:
    • Resource have bunch of APIs set.
      • i.e. All Checkout session APIs
      • All Payment link APIs
  • You should enter key name, description and select permissions resource wise (Read only or Read & write) and click on create key.
  • Password authenticator will be applicable whenever restricted key will be generated.
    • Upon creation of the restriction key, it will appear in the list page.
  • Upon the creation of a restricted key, an email notification is automatically sent to the user.
  • You have the flexibility to edit or delete the key at your convenience. When editing a restricted key, you gain the ability to refine and update access to resources or modify the bucket list associated with it and these changes take effect instantly, ensuring that the updated access parameters are readily available.
  • A detailed page is available for every restricted key you generate, offering a comprehensive overview of granted access to resources. This enhances your ability to manage and monitor access with greater ease.
  • Deleting a restricted key triggers an email notification to inform the user.

💡

Please note that once a restricted key is deleted, no further actions can be performed using that key.

  • For instance, if you're developing a "Receive Payment" feature, assign a key that permits the creation of receive payment resources exclusively. This approach enables the service to retrieve necessary data but prevents it from making alterations or accessing other resources.
  • Sample Test Restricted key: rk_test_lhj4yabcBUFCBJwElizhz21h0yuTEu3olizhz21hYVLxyTqF

Keys in different modes

Users can make API requests in either test or live mode for their respective Speed accounts using applicable keys. API objects created in one mode (for example, a checkout link) are not accessible in the other using the same key. This means that the test key will provide test account information, while the live key will provide live account information.

Test mode:

  • The test mode is a simulation mode that you can use to test your integration flow. Your customers will not be able to make actual payments in this mode. However, you and your customer can simulate the entire payment process in our test mode.

  • For Test mode, the Speed Platform provides,

    • One (default) publishable key.
    • One (default) secret key.
    • Three restricted keys.
      It means you cannot create any more keys in this mode.

Live mode:

  • When you're ready to launch your app, replace your test key with a live key to start accepting customer payments.
  • For Live mode, the Speed Platform provides,
    • One (default) publishable key.
    • One (default) secret key for this mode.
      • Additionally, you can generate new secret keys. (Right now, you can generate two more secret keys in addition to the default one.)
    • Three restricted keys.

How to get API keys?

Follow these steps to acquire the API keys:

  1. Log into your Speed web application with your login credentials.

  2. Select the mode (Test or Live) for which you want to generate the API keys.

  3. Navigate to,

    1. DevelopersAPI Keys Standard Keysto generate either publishable or secret keys for the selected mode.
      • You will see both publishable and secret keys here.
      • Click the reveal key button to generate the default required keys
      • Click on the “create secret key” button to generate additional new secret keys.
    2. DevelopersAPI Keys Restricted Keysto generate restricted keys for the selected mode.
      • Click on the “create restricted Keys” button to generate new restricted keys.

    As a next step, see Managing API keys for more information.