You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

"Optional" flag

Functions that are flagged as "optional" within the application might not be enabled within the application you are using. will be happy to enable these functions for you when necessary.


In order to show and edit API Credentials, the tab "Key management" (optional) must be enabled for you within the application.

This page explains how to view and manage your API Credentials in the Key management tab.



Overview of Key management


Once enabled to edit API Credentials, you can

  1. create a new key for empty fields
    StatusDescription
    ActiveThe key has been generated, is valid and can be used immediately for API access
    Use casetemporary migrations or before key rotation
  2. renew an existing key
    StatusDescription
    ActiveThe key has been updated, is valid and can be used immediately for API access
    Use caseif compromise is suspected or without key rotation


  3. revoke an existing key
    StatusDescription
    InactiveThe key has been immediately deactivated and is irretrievably deleted for API access
    Use casetemporary migrations or after key rotation


 uses API key sets for your MerchantID.

Legacy API (Both used in legacy API)

Encryption Password

Primary HMAC key

REST API (Primary HMAC Key is shared and optionally used for Enhanced Webhook in REST API)

Primary HMAC key

Primary REST API key

Double run in REST API (Both optionally used for double run in REST API)

Secondary HMAC key

Secondary REST API key


In case you have integrated with our REST API you can use two key sets in parallel to rotate keys without downtime.

Using two key sets in parallel is called double run. Double run allows you to switch your systems from one key to another without interrupting live traffic.



  • No labels