Authenticate your requests to the Unzer API.

Public key vs private key

After you sign your Unzer contract, you get four API keys:

  • Your sandbox public key (e.g. s-pub-xxxxxxxxxx)
  • Your sandbox private key (e.g. s-priv-xxxxxxxxxx)
  • Your production public key (e.g. p-pub-xxxxxxxxxx)
  • Your production private key (e.g. p-priv-xxxxxxxxxx)

Your API keys are configured with permissions valid for your specific account. They are tied to you as a merchant.

Key Infix Sandbox key example Production key example
Public key pub s-pub-xxxxxxxxxx p-pub-xxxxxxxxxx
Private key priv s-priv-xxxxxxxxxx p-priv-xxxxxxxxxx

Depending on the resource and method used, you either need your public key or your private key to authenticate your request.

For details on which features require a public key or a private key, go to: Authentication reference.

HTTP basic authentication

The Unzer API uses HTTP basic authentication (BA) over HTTPS.

HTTP basic authentication requires a username and password. In the Unzer API, the username is your API key, and the password is empty:

  • Username: your API key
  • Password:

To provide an empty password, add a colon (:) at the end of your key, like this:

-u s-priv-xxxxxxxxxx:

Remember to encode your API key with a Base64 encoder:

curl \
  -u s-priv-xxxxxxxxxx:
var heidelpay = new Heidelpay('s-priv-xxxxxxxxxx');
Heidelpay heidelpay = new Heidelpay("s-priv-xxxxxxxxxx")
// In PHP you do not need to hash the secret key because it is done for you.
// You can just create the Heidelpay object and pass your private key as parameter one
$heidelpay = new Heidelpay('s-priv-xxxxxxxxxx', SupportedLocale::GERMAN_GERMAN);