You're viewing documentation for our latest API. This will not impact your integration, but you will need the documentation relevant to you. If you have an account with Checkout.com you have received an email confirming which version to use.
If you're using an ecommerce platform, you need to assign only one processing channel to your public and secret API keys.
Public API keys are used for client-side authentication and only have access to a limited set of our APIs – mostly those called as part of your payment environment. You'll use them when tokenizing card information through Frames or for Google Pay, and in our mobile SDKs and ecommerce platforms.
Secret API keys are used for server-to-server authentication and are supported across most of our endpoints (see our API reference). If you want to use key authentication on an endpoint where it isn't specified in our API reference, please email [email protected].
You can choose how you want your secret API keys configured:
A single key that has access to all of the APIs you want to use.
Multiple keys, each of which has access to a specific set of APIs you will use.
Store your secret API keys securely, as they can be used to perform sensitive actions through the API. Any exposure of your secret API keys puts your account security at risk.
For example, you might have separate systems for processing payments and managing disputes. Each one has different security requirements, and you don't want the disputes management system to have access to any sensitive information about payment processing. To keep them separate, you could have one secret key to access our Unified Payment API for payment processing, and a second secret key that only has access to our Disputes API for disputes management.
To use an API key in your request, you should provide it in the Authorization header with the Bearer Prefix.
curl--location--request POST 'https://api.sandbox.checkout.com/payments/'\