Authentication
Authenticate requests to the Unzer API.
Overview
The Unzer API uses HTTP basic authentication (BA) over HTTPS. Every request to the API must be authenticated with either your public key or your private key, which you obtain after signing a contract with Unzer.
Private key
The private key identifies you when you send Unzer API requests from the server side. Your private key has multiple permissions, so be sure to keep it safe. You should never make your private key accessible on the web.
Public key
The public key identifies you when you send Unzer API requests from the client side. It is used when integrating with Unzer UI components.
Authentication
HTTP basic authentication requires a username and password. In the Unzer API, the username is your API key, and the password is empty. To provide an empty password, add a colon (:) at the end of your key. Remember to Base64-encode the resulting string (your API key followed by the colon).
```bash
curl https://api.unzer.com/v1/keypair \
  --header "Authorization: Basic cy1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxOg=="
```

```php
// You do not need to Base64-encode the private key yourself; the SDK does it for you.
// Create the Unzer object and pass your private key as the first parameter.
$unzer = new Unzer('s-priv-xxxxxxxxxx', SupportedLocale::GERMAN_GERMAN);
```

```javascript
// Use the public key when calling the Unzer API on the client side.
var unzer = new Unzer('s-pub-xxxxxxxxxx');
```
Unzer API keys
If you request a test account, you will receive two sandbox API keys:
- Your sandbox public key (for example, s-pub-xxxxxxxxxx)
- Your sandbox private key (for example, s-priv-xxxxxxxxxx)
Sandbox keys allow you to make test transactions.
After signing your Unzer contract, you get your production API keys:
- Your production public key (for example, p-pub-xxxxxxxxxx)
- Your production private key (for example, p-priv-xxxxxxxxxx)
Your API keys are configured with permissions valid for your specific account. They are specific to you as a merchant.
Key | Infix | Sandbox key example | Production key example |
---|---|---|---|
Public key | pub | s-pub-xxxxxxxxxx | p-pub-xxxxxxxxxx |
Private key | priv | s-priv-xxxxxxxxxx | p-priv-xxxxxxxxxx |
Depending on the resource and method used, you need either your public key or your private key to authenticate your request. The following table shows which endpoints and methods require a public key or a private key.
Endpoint | POST | GET | PUT | DELETE |
---|---|---|---|---|
/payments/authorize | Private key | Private key | Not allowed | Not allowed |
/payments/charges | Private key | Private key | Not allowed | Not allowed |
/payments/authorize/cancels | Private key | Private key | Not allowed | Not allowed |
/payments/charges/cancels | Private key | Private key | Not allowed | Not allowed |
/payments/shipments | Private key | Private key | Not allowed | Not allowed |
/customers | Public key | Private key | Public key | Private key |
/types/{paymentType} | Public key | Private key | Not allowed | Not allowed |
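The header construction and the key/method table above can be combined into a pre-flight check that runs before a request is sent. This is an added example, not Unzer SDK code: `parseKey`, `basicAuthHeader` and `authorize` are hypothetical names, the keys are the page's placeholders, and it assumes the table is strict (only the listed key type is accepted).

```javascript
// Added example, not Unzer SDK code. Key formats and the table come from
// this page; function names are hypothetical, keys are placeholders.

// Required key type per endpoint and method; null means "Not allowed".
const PRIV_ONLY = { POST: 'priv', GET: 'priv', PUT: null, DELETE: null };
const REQUIRED_KEY = {
  '/payments/authorize': PRIV_ONLY,
  '/payments/charges': PRIV_ONLY,
  '/payments/authorize/cancels': PRIV_ONLY,
  '/payments/charges/cancels': PRIV_ONLY,
  '/payments/shipments': PRIV_ONLY,
  '/customers': { POST: 'pub', GET: 'priv', PUT: 'pub', DELETE: 'priv' },
  '/types/{paymentType}': { POST: 'pub', GET: 'priv', PUT: null, DELETE: null },
};

// Split a key such as "s-priv-xxxxxxxxxx" into environment and key type.
function parseKey(key) {
  const m = /^([sp])-(pub|priv)-.+$/.exec(key);
  if (!m) throw new Error('unrecognised key format');
  return { env: m[1] === 's' ? 'sandbox' : 'production', type: m[2] };
}

// Basic auth: username = API key, password empty, so encode "<key>:".
function basicAuthHeader(key) {
  return 'Basic ' + Buffer.from(key + ':', 'utf8').toString('base64');
}

// Return request headers, or throw if the table rules the combination out.
// `endpoint` is the path template as written in the table.
// Assumption: only the key type listed in the table is accepted.
function authorize(key, method, endpoint, { clientSide = false } = {}) {
  const { type } = parseKey(key);
  if (clientSide && type === 'priv') {
    throw new Error('private key must never be used on the client side');
  }
  if (!Object.hasOwn(REQUIRED_KEY, endpoint)) {
    throw new Error('endpoint not in table: ' + endpoint);
  }
  const required = REQUIRED_KEY[endpoint][method];
  if (required == null) {
    throw new Error(method + ' is not allowed on ' + endpoint);
  }
  if (required !== type) {
    throw new Error(method + ' ' + endpoint + ' requires the ' + required + ' key');
  }
  return { Authorization: basicAuthHeader(key) };
}
```

Running the same check in CI against the key strings found in front-end bundles catches a private key that has been shipped to the client.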
See also
Check your key configuration: