Check your API keypair configuration.


When you have a contract with Unzer, you will receive a keypair which is specifically configured for you. That keypair consists of a public key and a private key. These keypairs are necessary for using our API’s and SDK’s properly.

Obtaining your keypair

Before you’re even eligible for a keypair of your own, you have to have a contract with Unzer. After that, you will receive a fully configured keypair which is tied to you as a merchant.

With that, you will be able to execute a wide variety of calls to our API’s and more. If you have any questions or want to get your own public and private key, simply contact Unzer support.

Using your keypair

General usage

In order to use our API’s and SDK’s, valid keypairs are a must. If you want to execute any sort of call, you will either need your public or your private key, depending on the request you’re trying to make.

You can create (POST) different payment types by using your public key, but fetching (GET) a payment type is only possible with your private key. For executing any call on /payments like /payments/authorize or payments/charge you always need your private key.

In conclusion: The public key is used when creating /types or /customer resources. Any sort of authentication is done with the private key.

Private key
Note: Your private key has many permissions, so be sure to keep it safe! You should never make your private key accessible on the web or mobile devices!
If your private key is compromised, please contact our support team immediately to replace the existing key pair.

Additionally you have to differentiate between test and production keys depending on the way you want to use the API.

Checking the keypair configuration

There are 2 ways to check how your keypairs are configured:

  • A GET request on /keypair
  • A GET request on /keypair/types


By executing a simple GET call on /keypair with your private key as parameter, like so:

curl \
  -u s-priv-xxxxxxxxxx:

you will receive the associated public key, … and all configured payment methods in a simple form in return.

Here’s an example of how the returned object might look like:

  "publicKey" : "s-pub-xxxxxxxxxx",
  "privateKey" : "3b04ee56d6ba0c68562deea645032d180f6007046eaa3efaa19360983b383bb6",
  "availablePaymentTypes" : [ "invoice-secured", "PIS", "sofort", "prepayment", "sepa-direct-debit-secured", "paypal", "EPS", "sepa-direct-debit", "ideal", "invoice", "przelewy24", "card", "giropay" ]


By executing a GET request on /keypair/types with your private key as parameter, like so:

curl \
  -u s-priv-xxxxxxxxxx:

you will not only receive the the associated public key, you will also get a detailed list of all configured payment methods, their countries, brands, the channel etc. for that particular keypair.

Your result should look something like this:

  "publicKey" : "s-pub-xxxxxxxxxx",
  "privateKey" : "3b04ee56d6ba0c68562deea645032d180f6007046eaa3efaa19360983b383bb6",
  "secureLevel" : "SAQ-D",
  "alias" : "",
  "paymentTypes" : [ {
    "supports" : [ {
      "brands" : [ ],
      "countries" : [ ],
      "channel" : "31HA07BC819430D3495C56BC18C55622",
      "currency" : [ "EUR" ]
    } ],
    "type" : "invoice-secured",
    "allowCustomerTypes": "B2B,B2C",
    "3ds" : false



For more information check out the API reference.

Invalidating resources

There is also the option of invalidating certain resources by time or usage. This can only be done globally for a keypair. For more information about that, look up the section Invalidating Resources (").