-
Notifications
You must be signed in to change notification settings - Fork 0
Merchant API Keys Management
The API keys are used by the merchants to authorize a client to access the payment infrastructure. A merchant can have multiple keys. There are two types of keys that can be used for different functionalities:
Publishable Key - The publishable keys are used by the clients for the payment methods registration. These keys are issued by the Stash backend system and can be stored on a mobile device.
Secret Key - The secret keys are used by the merchants for the transaction operations that are hidden from the customers. These keys are issued by the Stash backend system but should never be stored on a mobile device.
The table below describes the request's publishable/ secret key authorization.
# | Scope | Request | Auth | Public | Secret |
---|---|---|---|---|---|
1 | Alias | Credit Card Registration | Public | Yes | No |
2 | Alias | SEPA Registration | Public | Yes | No |
3 | Alias | PayPal Registration | Public | Yes | No |
4 | Transaction | Preauthorization | Secret | No | Yes |
5 | Transaction | Capture | Secret | No | Yes |
6 | Transaction | Authorization | Secret | No | Yes |
7 | Transaction | Reversal | Secret | No | Yes |
8 | Transaction | Refund | Secret | No | Yes |
9 | Alias | Delete alias | Secret | No | Yes |
A merchant can create a new key by providing the following parameter in an URL path:
Parameter Name | Description | Type | Required |
---|---|---|---|
Merchant-Id | Merchant id | String | Yes |
Request body:
Parameter Name | Description | Type | Required |
---|---|---|---|
name | Key name | String | Yes |
type | PUBLISHABLE or SECRET | String | Yes |
The response body will contain:
Parameter Name | Description | Type |
---|---|---|
id | Key id | String |
key | Generated key | String |
A merchant can edit a key name by providing the following parameters in an URL path:
Parameter Name | Description | Type | Required |
---|---|---|---|
Merchant-Id | Merchant id | String | Yes |
Api-Key-Id | Api key id | String | Yes |
Request body:
Parameter Name | Description | Type | Required |
---|---|---|---|
name | Key name | String | No |
A merchant can retrieve the list of all his existing keys by providing the following parameter in an URL path:
Parameter Name | Description | Type | Required |
---|---|---|---|
Merchant-Id | Merchant id | String | Yes |
The response body will contain a list of all his keys with the following parameters:
Parameter Name | Description | Type |
---|---|---|
id | Key id | String |
key | Generated key | String |
name | Key name | String |
type | PUBLISHABLE or SECRET | String |
A merchant can retrieve a specific key by providing the following parameters in an URL path:
Parameter Name | Description | Type | Required |
---|---|---|---|
Merchant-Id | Merchant id | String | Yes |
Api-Key-Id | Api key id | String | Yes |
The response body will contain:
Parameter Name | Description | Type |
---|---|---|
id | Key id | String |
key | Generated key | String |
name | Key name | String |
type | PUBLISHABLE or SECRET | String |
A merchant can delete a specific key by providing the following parameters in an URL path:
Parameter Name | Description | Type | Required |
---|---|---|---|
Merchant-Id | Merchant id | String | Yes |
Api-Key-Id | Api key id | String | Yes |
The state of the deleted key will be changed from true
to false
in the Stash Backend.
The Swagger documentation can be found here.