Authentication
SwitchApp secures your account for API requests
SwitchApp uses API keys for request authentication and scoping. Your API keys are accessible and managed from your SwitchApp dashboard.
API keys are classified as secret or public based on the access level they possess to your account. Public keys are granted limited access and can only be used to identify your profile for client-side payment initialization. However, secret keys have many privileges and can perform a lot more on your behalf. As such, they must be hidden from public access.
API keys are also grouped into test and live mode keys. All requests initiated with test mode keys are localized to test environments.
Test mode secret keys have the prefix sk_test_ while live mode secret keys have the prefix sk_live_.
SwitchApp requires HTTPS for all API requests. All requests made without an authentication key will fail. To initiate a request, pass your secret key to the request header using the authorization header name in bearer format.
IMPORTANT: Your secret key should always remain hidden from the public. This includes ensuring it is never committed to source control eg git and that it is never bundled in your client-side code.
If your secret keys are compromised at any time, terminate them and generate new ones. This will render the compromised keys invalid.
Last updated