Authentication

Test Mode vs Live Mode

There are two "modes" of operation for your Transactpay account:

Live Mode: Real money, real transactions, real effects. Only switch to this after you've tested your integration thoroughly.

Test Mode: No real money is involved. Only our test cards and bank accounts can be used. We'll still send webhooks and email notifications, and most of the API functions are the same.

You can easily switch between Live and Test modes with the toggle button at the top right portion of the navigation bar.


API keys

When you create a Transactpay account, you're given three kinds of API keys:

Secret key: The most powerful type of key. It can authorize any action on your account, so it should never be exposed to the public.
Public key: The key you'll use in "public" scenarios, such as in front-end JavaScript code.
Encryption key: Only used with the direct card charge endpoint. See the encryption guide for details.

Retrieving your API Keys

Your API keys are always available on your dashboard. To find your API keys:

  • Log in to your dashboard.
  • Navigate to Settings on the side menu.
  • Go to the 'API Keys & Webhooks' tab on the Settings page. In the Transactpay API's section, you'll see both your Public and Secret keys.


Authorizing API calls

All API calls on Transactpay are authenticated. API requests made without authorization will fail with the status code 401: Unauthorized.

Your secret key can perform any actions on your Transactpay account without restriction. It should be kept confidential and only stored on your servers, preferably as an environment variable.

It should not be included in your Git repository or front-end JavaScript code.

To authorize API calls from your server, pass your secret key as a bearer token. This means passing an Authorization header with a value of "Bearer: YOUR_SECRET_KEY".

For example, an API call could look like this in Next.js:

const axios = require('axios');
let data = JSON.stringify({
  "data": ""
});

let config = {
  method: 'post',
  maxBodyLength: Infinity,
  url: 'https://payment-api-service.transactpay.ai/payment/order/create',
  headers: { 
    'api-key': 'PGW-PUBLICKEY-TEST-26795CB9393A4AF8BA931E8DA967FF3E', 
    'Content-Type': 'application/json'
  },
  data : data
};

axios.request(config)
.then((response) => {
  console.log(JSON.stringify(response.data));
})
.catch((error) => {
  console.log(error);
});

The same request with cURL:

curl --location 'https://payment-api-service.transactpay.ai/payment/order/create' \
--header 'api-key: PGW-PUBLICKEY-TEST-26795CB9393A4AF8BA931E8DA967FF3E' \
--header 'Content-Type: application/json' \
--data '{
    "data": ""
}'
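
The same request in Java with OkHttp:

import java.io.IOException;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;

OkHttpClient client = new OkHttpClient().newBuilder()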
  .build();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\r\n    \"data\": \"\"\r\n}");
Request request = new Request.Builder()
  .url("https://payment-api-service.transactpay.ai/payment/order/create")
  .method("POST", body)
  .addHeader("api-key", "PGW-PUBLICKEY-TEST-26795CB9393A4AF8BA931E8DA967FF3E")
  .addHeader("Content-Type", "application/json")
  .build();
Response response = client.newCall(request).execute();

The same request in Python:

import http.client
import json

conn = http.client.HTTPSConnection("payment-api-service.transactpay.ai")
payload = json.dumps({
  "data": ""
})
headers = {
  'api-key': 'PGW-PUBLICKEY-TEST-26795CB9393A4AF8BA931E8DA967FF3E',
  'Content-Type': 'application/json'
}
conn.request("POST", "/payment/order/create", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))
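
The following is an added example, not Transactpay's own code: it loads the secret key from an environment variable as advised above, builds the Authorization header in the format quoted on this page, and summarizes a failed request for logging without the credentials, since logging a whole axios error object also prints the request headers. The variable name `TRANSACTPAY_SECRET_KEY` and all function names are assumptions, and the "PUBLICKEY" check is based only on the sample public key shown on this page.

```javascript
// Added example. TRANSACTPAY_SECRET_KEY and the function names are assumptions.
const SECRET_ENV_VAR = 'TRANSACTPAY_SECRET_KEY';

// Read the secret key from the environment and fail closed if it is unusable.
function loadSecretKey(env = process.env) {
  const key = (env[SECRET_ENV_VAR] || '').trim();
  if (!key) {
    throw new Error(`${SECRET_ENV_VAR} is not set`);
  }
  // The sample public key on this page contains "PUBLICKEY"; catch a mix-up early.
  if (key.includes('PUBLICKEY')) {
    throw new Error(`${SECRET_ENV_VAR} holds a public key, not a secret key`);
  }
  return key;
}

// Header value in the format quoted in the text above.
function authHeaders(secretKey) {
  return {
    Authorization: `Bearer: ${secretKey}`,
    'Content-Type': 'application/json',
  };
}

// Copy of the headers that is safe to log: credential headers are masked.
function redactHeaders(headers) {
  const sensitive = new Set(['authorization', 'api-key']);
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = sensitive.has(name.toLowerCase()) ? '[REDACTED]' : value;
  }
  return out;
}

// Summarize a failed request for the log. Axios errors carry the original
// request config, headers included, so the summary masks them first.
function describeRequestError(error) {
  return {
    message: error.message,
    status: error.response ? error.response.status : null,
    url: error.config ? error.config.url : null,
    headers: redactHeaders(error.config && error.config.headers),
  };
}
```

In the axios sample, the catch handler would call `console.log(describeRequestError(error))` instead of logging the error object itself.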