Authentication
Authenticate your requests to the Unzer API.
Public key vs private key
After you sign your Unzer contract, you get four API keys:
- Your sandbox public key (e.g.
s-pub-xxxxxxxxxx) - Your sandbox private key (e.g.
s-priv-xxxxxxxxxx) - Your production public key (e.g.
p-pub-xxxxxxxxxx) - Your production private key (e.g.
p-priv-xxxxxxxxxx)
Your API keys are configured with permissions valid for your specific account. They are tied to you as a merchant.
| Key | Infix | Sandbox key example | Production key example |
|---|---|---|---|
| Public key | pub |
s-pub-xxxxxxxxxx |
p-pub-xxxxxxxxxx |
| Private key | priv |
s-priv-xxxxxxxxxx |
p-priv-xxxxxxxxxx |
Depending on the resource and method used, you either need your public key or your private key to authenticate your request.
For details on which features require a public key or a private key, go to: Authentication reference.
HTTP basic authentication
The Unzer API uses HTTP basic authentication (BA) over HTTPS.
HTTP basic authentication requires a username and password. In the Unzer API, the username is your API key, and the password is empty:
- Username: your API key
- Password:
To provide an empty password, add a colon (:) at the end of your key, like this:
-u s-priv-xxxxxxxxxx:
Remember to encode your API key with a Base64 encoder:
curl https://api.unzer.com/v1/payments/charges \
-u s-priv-xxxxxxxxxx:
var heidelpay = new Heidelpay('s-priv-xxxxxxxxxx');
Heidelpay heidelpay = new Heidelpay("s-priv-xxxxxxxxxx")
// In PHP you do not need to hash the secret key because it is done for you.
// You can just create the Heidelpay object and pass your private key as parameter one
$heidelpay = new Heidelpay('s-priv-xxxxxxxxxx', SupportedLocale::GERMAN_GERMAN);