Authenticate your API calls by including your secret key in the Authorization header of every request you make. You can view and manage your Secret keys from the Dashboard > Integrate now > secret key .
Generally, we provide both payment Api Keys and secret keys.
The secret key is used to authenticate your API calls by including your secret key in the Authorization header of every request.
The Payment API key is used to generate the order hash for payment authentication, when signing up you already begin with a default key. you could generate unlimited keys to track your channel. Payment Api Keys keys are meant to be used when integrating using Payment UI.
Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.
Secure your secret key.
Do not commit your secret keys to git, or use them in client-side code.
Every account is provided with separate keys for testing and for running live transactions. All API requests exist in either test or live mode, so one mode cannot be manipulated by objects in the other.
All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
Authorization headers should be in the following format:
Sample Authorization Header
API requests made without authentication will fail with the status code
All API requests must be made over HTTPS.
Keeping your keys safe
Your Keys can be used to make actions behalf of your account, such as creating charges or performing refunds. Treat your keys as you would any other password. Grant access only to those who need it. Ensure it is kept out of any version control system you may be using. Control access to your key using a password manager or secrets management service.
If a Secret key or Payment API Key is compromised, you should immediately consider expiring your keys from the Kashier dashboard to avoid data leaks by Changing a user secret key or deleting a Payment API Key and generating a new one. this operation should be done from the dashboard and to your system side by side since Kashier expire the keys immediatly which may result in a downtime.
Teams and user roles
Give team members controlled access to your Kashier account.
You can invite other members of your team to access a Kashier account. To protect your sensitive information or restrict the actions they can perform, user roles limit their access. Each team member must be assigned a role when they’re added.
You can manage team members and user roles in your account’s team member settings page > manage team. You can add team members individually by adding their emails.
Here’s a simple breakdown of the steps needed to manage your team members’ User Roles:
- Log into your Kashier Dashboard, and click on Settings.
- Select the manage team section, and then click on user who you intend to change his role then click three points on top right side and select user edit.
- Select one of the default user roles, or a custom role that you created by clicking on the menu selector. This reveals all the default and custom user roles.
- Click on Save, and the team member’s updated user permissions would have been saved.
About Custom User Roles
Custom user roles allow you to choose exactly what team members can see and do on the Kashier Dashboard. If the default user roles do not meet your needs, you can simply create a Custom Role that has the exact permissions you require.
Here’s a breakdown of how to create custom user roles on the Kashier Dashboard:
- From the Manager team on the Settings page of the Kashier Dashboard, click on Roles tab.
- Next, click on Create role which reveals a custom role creation form.
- Fill in the Create Custom Role form, and then click on save changes at the bottom of the form to create your custom role.