Xendit authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or deleted, Xendit returns an error.

There are two types of API Key in Xendit: 

• Secret API key: Secret key can perform any API request to Xendit on behalf of your account. Your secret keys should be kept confidential and only stored on your own servers.
• Public API key: Public key are meant to identify your account with Xendit. In other words, they can safely be published in places like your Xendit.js javascript code or in an Android or iPhone app. Public key only have the power to create tokens and authenticate for Cards.

How Can I Generate My API Key?

API Key for your integration can be done by following these steps below:

1. Make sure that the email you use when logging in the dashboard has "Developer" access;
   • Click here to find out more regarding team member permission;
2. Make sure you are on the right environment ("Live Mode" or "Test") on the toggle on the top right corner
   • Put the toggle in "Live Mode" if you wish to generate API for Live / Production Mode where you will integrate to transact with real money;
   • Put the toggle in "Test Mode" if you wish to generate API for Test / Sandbox Mode where you will integrate just to do transaction testing with fictional money;
   • 
3. Visit API Key page
4. Decide which API Key that you are generating:

Public API Key

1. Click "copy" on the blue button under "Public Key"
2. Your public API Key would start with "xnd_public"

Secret API Key

1. Click "Generate secret key" on the blue button under "Secret keys"
2. Input the desired name of the API Key
   1. The API Key Name can contain up to 15 alpha-numerical characters;
   2. The API Key Name cannot be the same with other generated API Key;
3. Select the API key permission 
   • Pay attention to the permission where each API Key has permission of a product that you can configure.
   • There are three types of API key permission:
     • None: No product access granted, meaning you forbid your API key to perform any action.
     • Read: Granting the ability to read-only access or fetch data using API of a specific product. You'll grant Read access if you only need to, for example, get your account balance or get payment detail.
     • Write: Granting the ability to read and write data using API. You'll grant Write access if you want to read or perform action ie create Invoice, create Disbursement, get VA, etc. 
   • If you do not use the specified product, please put the permission as None for security measures in order to prevent any unrecognized transaction in case the API Key got leaked.
4. Enter your user password to authenticate yourself
   • 
5. Your secret API Key would start with "xnd_production" for LIVE Secret API Key, and "xnd_development" for TEST Secret API Key;
6. Save the API key securely and apply the new API key to your system
   1. Please note that the created Secret API Key is not going to be able to be viewed anymore;
   2. If you forgot or misplaced your Secret API Key, please kindly delete the created API Key and make a new one.

For more information about API Key in Xendit, read more on our Knowledge Documentation below for more complete reference:

• API Integration
• API Keys