Last updated
These docs are intended for a developer audience.Dismiss

API keys

This topic describes API keys and how to use them in Rebilly.

The following key types are available:

  • Secret key: Use to authenticate requests on a server. By default, secret keys can be used to perform any API request without restriction. Secret keys must be kept secret and stored securely in the server-side code of your web or mobile application.
  • Publishable key: Use to tokenize payment information in your client-side code. Publishable keys are publicly accessible in a web browser or mobile application. Publishable keys are mainly used to create tokens, which are a representation of a payment source that hides sensitive information.

API key format

API keys use the following format: type_environment_tokenizedPayload

Type of keyExample
Secret key in the sandbox environmentsk_sandbox_K7W_ZG1OvxkXmtDx2kaE39IN2YZF0INVcqsdgXl
Publishable key in the live environmentpk_live_CaDB_u9Jb6JeeaR_p811KmwiGTyJOmg1WInsmuo

Manage API keys

This section describes how to manage API keys.

Create an API key

Use this process to create new API keys.

  1. In the left navigation bar, press Automations .
  2. In the Development section, press API keys.
  3. In top right of the screen, press Create API key.
  4. In the API key name field, enter a recognizable name for the key.
  5. In the API key type section, select Secret or Publishable.
  6. Optionally, in the Organizations dropdown, select an organization to associate with the key.
  7. Optionally, in the Allowed IPs field, enter a list of IP address that are permitted to use the API key.
    Note: Leaving Allowed IPs field empty allows all IP addresses.
  8. Press Save API Key to store API key.

Obtain an API key

Use this process to view and obtain API keys.

  1. In the left navigation bar, press Automations .
  2. In the Development section, press API keys.
  3. In the API keys table, under the Key column, press Copy .

Obtain a publishable API key

Use this process to obtain a publishable API key. This key is required to interact with the Rebilly API.

  1. In the left navigation bar, press Automations .
  2. In the Development section, press API keys.
  3. Optionally, if you have not created a publishable key:
    1. In top right of the screen, press Create API key.
    2. In the API key type section, select Publishable.
    3. Optionally, in the Organizations dropdown, select the organizations that can use the API key.
    4. Optionally, in the Allowed IPs field, enter the IP addresses that are permitted to use the API key.
    5. Press Save API key.
    6. Go to the API keys page.
  4. Select a publishable key and copy the Key value.

Edit or delete an API key

Use this process to edit or delete an API key.

Key deletion is permanent.

  1. In the left navigation bar, press Automations .

  2. In the Development section, press API keys.

  3. Select from the following:

    • Edit an API key:

      1. In the API keys table, under the Name column, press an API key.
      2. Edit the API key, then press Save API key.
    • Delete an API key: In the API keys table, on the right of an API key, press Delete .

Associate keys with organizations

To ensure that an API request is handled by the intended Rebilly account, always include the organizationId in the request URL. API keys are associated with the user who creates them. In Rebilly, a user may be a member of one or more organizations, and may also join or leave organizations. Example: https://api-sandbox.rebilly.com/organizations/{organizationId}/customers.

To associate an API key with an organization, when you create or edit a key, in the Organizations dropdown, select an organization. For more information, see Create an API key or Edit an API key.