API Credentials

API Keys in EveryPay

API Keys are the backbone of your connection to EveryPay’s payment platform. Think of them as the unique identifiers that allow your application to securely communicate with EveryPay’s services. They unlock a world of possibilities for integrating payment solutions but must be handled with care to ensure the security of your transactions and sensitive data.

What Are API Keys?

API Keys are like the passwords or access cards for your EveryPay account. They authenticate your app when making requests to our servers, ensuring that:

  • Your Application Is Recognized: EveryPay knows it's your app making the request.
  • Your Requests Are Valid: Only authorized apps can perform actions like processing payments or issuing refunds.
  • Your Data Stays Secure: API keys prevent unauthorized access to your account and transactions.

Security Best Practices for Sharing API Keys

If you need to collaborate with external developers, consultants, or partners, here’s how to do it safely. To protect your business and your customers, follow these key guidelines:

  1. Keep API Keys Secret Never share your API keys publicly. Avoid including them in shared documents, emails, or code repositories like GitHub (even in private repos).

  2. Use Environment Variables Store API keys securely in environment variables or secret management tools, so they’re not hardcoded in your application.

Your API Keys in EveryPay

API Keys

API Keys are unique credentials that authenticate your application when interacting with EveryPay’s services online. They:

  • Enable secure communication between your app and EveryPay’s servers.
  • Allow your app to process payments, issue refunds, and fetch transaction data.

POS Keys

POS Keys are used to authenticate and manage physical devices (like point-of-sale terminals) for in-person payments. They:

  • Link your POS devices with EveryPay’s platform for real-time payment processing.
  • Ensure secure transactions in physical retail environments.

In both cases, these keys act as access tokens to enable safe communication, but they must be handled with care to prevent unauthorized access or fraudulent activity.

What Are Public API Keys?

Public API Keys are meant to be shared safely in client-side applications. These keys:

  • Purpose: Identify your account and the application using EveryPay’s services.
  • Use Case: Typically used in frontend code to initiate payment workflows (e.g., embedding a payment form).
  • Level of Access: Limited to operations that do not expose sensitive data or perform critical actions.

🔒 Important: While these keys are safe to share in public-facing environments, they should still be handled responsibly. Avoid exposing them in places where they can be misused.

What Are Private API Keys?

Private API Keys are confidential credentials used exclusively in backend applications. These keys:

  • Purpose: Authenticate requests from your server to EveryPay’s servers.
  • Use Case: Enable secure operations, such as processing payments, issuing refunds, or accessing sensitive account data.
  • Level of Access: Full access to your account, allowing it to perform sensitive operations.

🚨 Critical Reminder: Private API Keys must never be exposed in client-side code, shared publicly, or included in unsecured environments. A compromised private key can lead to unauthorized actions and financial loss.

When to Share Each Key

Public API Key

  • Share with trusted developers or external partners working on your frontend code.
  • Use it to configure client-side payment forms or widgets.
  • Safe to include in your website’s JavaScript but ensure it is paired with backend validation.

Private API Key

  • Never share with anyone outside your organization unless absolutely necessary.
  • Use only within your secure backend servers for sensitive operations.
  • If you’re collaborating with external developers, consider creating restricted keys with limited permissions.

Where to Find API Keys and POS Keys in Your Dashboard

You can find your API Keys and POS Keys directly in the EveryPay dashboard. Follow these steps:

Accessing API Keys

  1. Log In to the Dashboard: Use your EveryPay credentials to log in.
  2. Navigate to Settings: From the main menu, select API Keys under the Settings section.
  3. View or Generate Keys: From the main menu, select API Keys under the Settings section.
    • Existing keys are listed here.
    • To generate a new key, click Generate Key.
Sandbox Account Payform