Last updated

API keys

This topic describes API keys and how to use them in Rebilly.

The following key types are available:

  • Secret key: Use to authenticate requests on a server. By default, secret keys can be used to perform any API request without restriction. Secret keys must be kept secret and stored securely in the server-side code of your web or mobile application.
  • Publishable key: Use to tokenize payment information in your client-side code. Publishable keys are publicly accessible in a web browser or mobile application. Publishable keys are mainly used to create tokens, which are a representation of a payment source that hides sensitive information.

API key format

API keys use the following format: type_environment_tokenizedPayload

Type of keyExample
Secret key in the sandbox environmentsk_sandbox_K7W_ZG1OvxkXmtDx2kaE39IN2YZF0INVcqsdgXl
Publishable key in the live environmentpk_live_CaDB_u9Jb6JeeaR_p811KmwiGTyJOmg1WInsmuo

Manage API keys

This section describes how to manage API keys.

Create an API key

Use this process to create new API keys.

  1. In the left navigation bar, click Automations .
  2. In the Development section, click API keys.
  3. In top right of the screen, click Create API key.
  4. In the API key name field, enter a recognizable name for the key.
  5. In the API key type section, select Secret or Publishable.
  6. Optionally, in the Select organizations dropdown, select an organization to associate with the key.
  7. Optionally, in the Allowed IPs field, enter a list of IP address that are permitted to use the API key.
    Note: Leaving Allowed IPs field empty allows all IP addresses.
  8. Click Save API Key to store API key.

Obtain an API key

Use this process to view and obtain API keys.

  1. In the left navigation bar, click Automations .
  2. In the Development section, click API keys.
  3. In the API keys table, under the Key column, click Copy .

Obtain a publishable API key

Use this process to obtain a publishable API key. This key is required to interact with the Rebilly API.

  1. In the left navigation bar, click Automations .
  2. In the Development section, click API keys.
  3. Optionally, if you have not created a publishable key:
    1. In top right of the screen, click Create API key.
    2. In the API key type section, select Publishable, then complete the form and click Save API key.
    3. Go back to the API Keys page.
  4. Select a publishable key and copy the Key value.

Edit or delete an API key

Use this process to edit or delete an API key.

Key deletion is permanent.

  1. In the left navigation bar, click Automations .

  2. In the Development section, click API keys.

  3. Select from the following:

    • Edit an API key:

      1. In the API keys table, under the Name column, click an API key.
      2. Edit the API key, then click Save API key.
    • Delete an API key: In the API keys table, on the right of an API key, click Delete .

Associate keys with organizations

To ensure that an API request is handled by the intended Rebilly account, always include the organizationId in the request URL. API keys are associated with the user who creates them. In Rebilly, a user may be a member of one or more organizations, and may also join or leave organizations. Example: https://api-sandbox.rebilly.com/organizations/{organizationId}/customers.

To associate an API key with an organization, when you create or edit a key, in the Select organizations dropdown, select an organization. For more information, see Create an API key or Edit an API key.