API keys

This topic describes API keys and how to use them in Rebilly.

The following key types are available:

  • Secret key: Use to authenticate requests on your server. By default, your secret keys can be used to perform any API request without restriction. Secret keys must be kept secret and stored securely in the server-side code of your web or mobile application.
  • Publishable key: Use to tokenize payment information in your client-side code. Publishable keys are publicly accessible in a web browser or mobile application. Publishable keys are mainly used to create tokens, which are a representation of a payment source that hides sensitive information.

API key format

API keys use the following format: type_environment_tokenizedPayload

Type of key Example
Secret key in the sandbox environment sk_sandbox_K7W_ZG1OvxkXmtDx2kaE39IN2YZF0INVcqsdgXl
Publishable key in the live environment pk_live_CaDB_u9Jb6JeeaR_p811KmwiGTyJOmg1WInsmuo

Manage API keys

This section describes how to manage API keys.

Create an API key

Use this process to create new API keys.

  1. In the left navigation bar, click Automations icon , click API keys & webhooks , and then click API keys .
  2. In top right of the screen, click Add API Key .
  3. In the API Key Name field, enter a recognizable name for the key.
  4. In the API Key Type section, select Secret or Publishable .
  5. Optionally, in the Select organizations dropdown, select an organization to associate with the key.
  6. Optionally, in the Allowed IPs field, enter a list of IP address that are permitted to use the API key.
    Note: Leaving Allowed IPs field empty allows all IP addresses.
  7. Click Save API Key to store API key.

Obtain an API key

Use this process to view and obtain API keys.

  1. In the left navigation bar, click Automations icon , click API keys & webhooks , and then click API keys .
  2. In the API keys table, under the Key column, click Copy icon .

Obtain your publishable API key

Use this process to obtain your publishable API key. This key is required to interact with the Rebilly API.

  1. In the left navigation bar, click Automation icon .
  2. Click API keys & webhooks , then click API keys .
  3. Optionally, if you have not created a publishable key:
    1. In top right of the screen, click Add API Key .
    2. In the API Key Type section, select Publishable , then complete the form and click Save API key .
    3. Go back to the API Keys page.
  4. Select a publishable key and copy the Key value.

Edit or delete an API key

Use this process to edit or delete an API key.

warning

Key deletion is permanent.

  1. In the left navigation bar, click Automations icon , click API keys & webhooks , and then click API keys .
  2. Select from the following:
    • Edit an API key:
      1. In the API keys table, under the Name column, click an API key.
      2. Edit the API key, then click Save API key .
    • Delete an API key: In the API keys table, on the right of an API key, click Delete item icon .

Associate keys with organizations

To ensure that an API request is handled by the intended Rebilly account, always include the organizationId in the request URL. API keys are associated with the user who creates them. In Rebilly, a user may be a member of one or more organizations, and may also join or leave organizations. Example: https://api-sandbox.rebilly.com/organizations/{organizationId}/customers.

To associate an API key with an organization, when you create or edit a key, in the Select organizations dropdown, select an organization. For more information, see Create an API key or Edit an API key.