Skip to main content

Get API Key

Live Credentials Only

There are no Test Keys. All API Keys generated below have permission to operate on Real Assets. Leaking these keys can result in financial risk.

If you plan to use the Checkout feature or call our API interfaces directly, you need to get an API Key for authentication.

The system assigns a Standard Key to each merchant account by default. This key has global permissions and can perform all operations such as creating payment sessions and querying data.

Get Standard Key

For security reasons, your standard key is hidden by default. Viewing the full key requires secondary verification.

1. Enter Key Management

Log in to the merchant dashboard, click "API Key" of the left menu to enter the API Key management page.

2. Security Verification

In the "Standard Key" list, click "Reveal Key" on the right.

  • To ensure the operator is you, the system will send a verification code to your registered email.
  • After entering the correct verification code, the system will display the complete key string (usually starting with sk_).

3. Save Immediately (Critical)

When the key is displayed in the popup, please be sure to copy and save it immediately to your server's secure storage (such as environment variables or a password manager).

  • If you did not save or lost the key, you can only generate a new key through the "Key rotation" operation.
Never Expose on Frontend

Never expose the API Key in frontend code! The standard key has full control over the account. Please use it only in Server-side (Backend) code. Never include it in web page JavaScript, mobile App code, or public code repositories (such as GitHub).

Key rotation

If you forgot the key, or suspect the key has been compromised, you can use the "Key rotation" function to generate a new key. To ensure your business is not interrupted during the switch, we provide an Expiration Buffer Period mechanism.

Rotation Process

  1. Click the operation menu ... in the standard key column and select "Rotate Key".
  2. Set Validity Period: Select the expiration time of the old key in the popup (e.g., 12 hours, 1 day, 7 days, etc.).
    • During this period, the old key remains valid.
    • This gives you ample time to deploy the new key to the server for a smooth transition.
  3. Verify and generate the new key.
Smooth Migration Suggestion

Before the validity period you selected ends, both the new and old keys can initiate requests normally. It is recommended that you use this buffer period to complete the server configuration update. After the validity period ends, the old key will automatically expire, and any request using the old key will be refused.

About Restricted Keys

In addition to standard keys, we also support creating Restricted Keys.

  • Usage: If you need to provide a key to a third-party plugin, or use it only for specific query purposes (such as read-only permissions), it is recommended to create a restricted key with the minimum permission scope.
  • Creation: Click "+ Create Restricted Key" in the upper right corner of the page, and check the corresponding read/write permissions according to your needs.

Next Steps

Now that you have an API Key, you can start technical integration:

Start Checkout Integration →