Authentication
Authenticate requests to the Unzer API.
Overview
The Unzer API uses HTTP basic authentication (BA) over HTTPS. Any requests to the API must be authenticated using either your public or private key obtained after signing contract with Unzer.
Private key
Private key allows you to identify yourself while sending Unzer API requests on the server side. Your private key has multiple permissions, so be sure to keep it safe. You should never make your private key accessible on the web.
Public key
Public key allows you to identify yourself while sending Unzer API requests on the client side. This is utilized when integrating using Unzer UI components.
Authentication
HTTP basic authentication requires a username and password. In the Unzer API, the username is your API key, and the password is empty. To provide an empty password, add a colon (:) at the end of your key. Remember to encode your API key with a Base64 encoder.
curl https://api.unzer.com/v1/keypair \
--header "Authorization: Basic cy1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxOg=="
// You do not need to hash the secret key because it is done for you by the SDK.
// You can just create the Unzer object and pass your private key as parameter one
$unzer = new Unzer('s-priv-xxxxxxxxxx', SupportedLocale::GERMAN_GERMAN);
// Use the public key when calling Unzer API on the client side.
var unzer = new Unzer('s-pub-xxxxxxxxxx');
// Use the public key when calling Unzer API on the client side.
var unzer = new Unzer('s-pub-xxxxxxxxxx');
Unzer API keys
If you request for a test account, you will receive two sandbox API keys:
- Your sandbox public key (for example,
s-pub-xxxxxxxxxx) - Your sandbox private key (for example,
s-priv-xxxxxxxxxx)
Sandbox keys allow you to make test transactions.
After signing your Unzer contract, you get your production API keys:
- Your production public key (for example,
p-pub-xxxxxxxxxx) - Your production private key (for example,
p-priv-xxxxxxxxxx)
Your API keys are configured with permissions valid for your specific account. They are specific to you as a merchant.
| Key | Infix | Sandbox key example | Production key example |
|---|---|---|---|
| Public key | pub | s-pub-xxxxxxxxxx | p-pub-xxxxxxxxxx |
| Private key | priv | s-priv-xxxxxxxxxx | p-priv-xxxxxxxxxx |
Depending on the resource and method used, you either need your public key or your private key to authenticate your request. For details on which features require a public key or a private key, as shown in the following table.
| Endpoint | POST | GET | PUT | DELETE |
|---|---|---|---|---|
/payments/authorize | Private key | Private key | Not allowed | Not allowed |
/payments/charges | Private key | Private key | Not allowed | Not allowed |
/payments/authorize/cancels | Private key | Private key | Not allowed | Not allowed |
/payments/charges/cancels | Private key | Private key | Not allowed | Not allowed |
/payments/shipments | Private key | Private key | Not allowed | Not allowed |
/customers | Public key | Private key | Public key | Private key |
/types/{paymentType} | Public key | Private key | Not allowed | Not allowed |
See also
Check your key configuration: