Authentication
Authenticate your requests to the Unzer API.
Public key vs private key
After you sign your Unzer contract, you get four API keys:
- Your sandbox public key (e.g.
s-pub-xxxxxxxxxx) - Your sandbox private key (e.g.
s-priv-xxxxxxxxxx) - Your production public key (e.g.
p-pub-xxxxxxxxxx) - Your production private key (e.g.
p-priv-xxxxxxxxxx)
Your API keys are configured with permissions valid for your specific account. They are tied to you as a merchant.
| Key | Infix | Sandbox key example | Production key example |
|---|---|---|---|
| Public key | pub |
s-pub-xxxxxxxxxx |
p-pub-xxxxxxxxxx |
| Private key | priv |
s-priv-xxxxxxxxxx |
p-priv-xxxxxxxxxx |
Depending on the resource and method used, you either need your public key or your private key to authenticate your request.
For details on which features require a public key or a private key, go to: Authentication reference.
Keep your private key safe
Your private key has multiple permissions. Make sure you keep it safe.
Never make your private key accessible on the web.
If your private key has been compromised, contact us to change it.
HTTP basic authentication
The Unzer API uses HTTP basic authentication (BA) over HTTPS.
HTTP basic authentication requires a username and password. In the Unzer API, the username is your API key, and the password is empty:
- Username: your API key
- Password:
To provide an empty password, add a colon (:) at the end of your key, like this:
-u s-priv-xxxxxxxxxx:
Remember to encode your API key with a Base64 encoder:
curl https://api.unzer.com/v1/payments/charges \
-u s-priv-xxxxxxxxxx:
var heidelpay = new Heidelpay('s-priv-xxxxxxxxxx');
Heidelpay heidelpay = new Heidelpay("s-priv-xxxxxxxxxx")
// In PHP you do not need to hash the secret key because it is done for you.
// You can just create the Heidelpay object and pass your private key as parameter one
$heidelpay = new Heidelpay('s-priv-xxxxxxxxxx', SupportedLocale::GERMAN_GERMAN);