API keys

Last updated: November 5, 2025

You can authenticate your calls the the Checkout.com API using public and secret API keys.

Public API keys are used for client-side authentication. They can only access a limited set of our APIs, mostly those you call as part of your payment environment.

You use public keys when tokenizing card information through Flow or for Google Pay, and in our mobile SDKs and ecommerce platforms.

Secret API keys are used for server-to-server authentication. They can access most of our APIs.

Information

If you want to use key authentication for an endpoint where this is not specified in the API reference, request support.

You can configure your secret API keys in one of the following ways:

A single key that can access all APIs you want to use
Multiple keys, each of which can access a specific set of APIs you want to use

You may need to use multiple keys if you have separate systems for processing payments and managing disputes that have different security requirements. You do not want the disputes management system to access sensitive payment processing information.

To keep the systems separate, you can use one secret key for the Payments API, and a second secret key exclusively for the Disputes API.

Note

Always store your secret API keys securely, because you can use them to perform sensitive actions through the API. Any exposure of these keys puts your account security at risk.

To manage your keys in the Dashboard, you need one of the following user roles:

Admin
Developer
A custom role with the Create new keys or View the list of keys permission

Note

Only users with the Account owner role can edit or delete existing keys.

Sign in to the Dashboard.
Select the Developers icon in the top navigation bar and open the Keys tab.

From here, you can:

View all keys for your account.
Create new keys.
Edit or delete existing keys.

Information

If you're using an ecommerce platform, assign only one processing channel to your public and secret API keys.
For more information, see Developers.

To use an API key in your API request, provide it in the Authorization header with the Bearer Prefix.


1curl --location --request POST 'https://api.sandbox.checkout.com/payments/' \
2--header 'Content-Type: application/json' \
3--header 'Authorization: Bearer sk_sbox_wjvrysklsqjmrhn3yoexnshsl72' \
4--data-raw '{
5  "source": {
6    "type": "card",
7    "number": "4242424242424242",
8    "expiry_month": 12,
9    "expiry_year": 2025
10  },
11  "amount": 100,
12  "currency": "EUR",
13  "reference": "ORD-175-759"
14}'

API keys

Public API keys

Secret API keys

Information

Multiple keys example

Note

Manage API keys in the Dashboard

Note

Information

Authenticate using API keys

Request example