Skip to main content

Authentication

PayRex API requires you to authenticate using your API keys. If you call our API with an invalid or expired API key, we will return an error.

You can view and manage your API keys in the Developers module of the PayRex Dashboard.

Types of API keys

PayRex will provide you with four different API keys. This set of API keys will define if:

  • You are integrating either in test mode or live mode.
  • You are using an API key that should be used only within your backend or on the client side.

Test vs live mode

All PayRex API requests will run either live or in test mode. Use test mode to complete your integration or access test data, and live mode once you're ready to go live or access actual account data. Each mode has its own set of API keys. Resources in one mode aren't accessible to the other. For example, a Payment resource generated in test mode must be generated from a test mode Payment Intent.

For more information about test mode, you can refer to our guide.

Secret and publishable keys

Test and Live mode API keys have exposure types: secret or public.

  • Secret API key - Use this key to authenticate requests on your backend. Secret API keys are confidential and sensitive information. It can trigger all the actions you can take with your PayRex account.
  • Public API key - Use this key to integrate PayRex's client-side library to complete a payment. The public API keys are exposed to the public.

All API keys

In total, your PayRex account has four API keys.

  • Test mode secret API key - Use this key to authenticate requests on your backend when in test mode.
  • Test mode public API key - Use this key with the test mode secret API key to connect your integration from the client-side code.
  • Live mode secret API key - Use this key to authenticate requests on your backend when in live mode.
  • Live mode public API key - Use this key with the live mode secret API key to connect your integration from the client-side code.

Keep your API keys safe

If your API keys are compromised, anyone can use your live mode secret API key to make any API call on behalf of your PayRex account, such as completing payment or refunding a Payment. To secure your API keys, here are our recommendations:

  • Do not commit your Secret API keys to your source code. You store your Secret API Key to the environment variable of your server or use existing Vault solutions.
  • If you think your secret API key is compromised, you can request that we rotate the API keys. Please contact developers@payrexhq.com if you want us to do so.