API Keys
Overview
Keeping Things Secure: API Keys Explained
To ensure secure communication with Tiptop's API, you'll need to use your unique API keys for authentication purposes. These keys act like passwords that verify your account's identity when making API requests.
Separate Keys for Different Environments:
Tiptop provides two sets of keys: one for testing (sandbox mode) and another for live orders. This ensures a safe and controlled development process before going live. Objects created in one mode cannot be manipulated by the other, further enhancing security.
Public vs. Private Keys:
There are two types of API keys: public and private.
Public Keys: Think of these as your account's public identifier. They can be safely shared in places like your Tiptop.js code or mobile applications. Their primary function is to generate tokens for further authentication.
Private Keys: These keys are highly sensitive and should be treated with utmost confidentiality. Store them securely on your servers and avoid sharing them publicly. Private keys have broader access, allowing them to perform almost any API request to Tiptop (with some restrictions).
Key Takeaways:
Each Tiptop account is assigned a total of four keys: a public and private key pair for both test (sandbox) and live environments. By understanding their purpose and keeping private keys confidential, you can ensure secure communication with Tiptop's API.
Retrieve your API keys
Your API keys can be retrieved via the Merchant Portal (opens in a new tab).