Guides
Back to skipify.comContact Us

API Authentication: API Key

Suggest Edits

Overview

API Key Authentication is a widely adopted security mechanism for controlling access to JSON APIs . This authentication method involves the use of a unique, generated string—the API key—which acts as a form of credentials for programmatic API access. API keys are unique identifiers that authenticate requests to an API. They serve as a token that identifies the calling application or user without requiring username and password credentials for each request.

Skipify APIs that use API Key authentication

  • Skipify Paylinks
  • Skipify Embedded Components - Submit Payment
    • /payments
    • /payments/credentials
    • /payments/external-response
  • Skipify Gateway API
  • Skipify Advanced - API-Only

Required Headers for API Key authenticated Requests

Obtaining the API Key

Your Skipify Implementation Engineer can provide guidance on how to access your API Key for your Parent Merchant Account.

The Merchant Onboarding API will provide Merchant API Keys via API Response for additional merchants boarded.

The Skipify Merchant Portal can be used to generate, view and manage API Keys. There is an API Keys section on the lefthand navigation menu of the Merchant Portal. Click the Create new API Key button to create a new Key. Please note you must save the API Key securely when it is displayed on the screen initially. You will not be able to access the value of the API Key again.

Please reach out to your Skipify Implementations contact if you do not have access to the Skipify Merchant Portal.

How to Build an Authorization Request Header

Add an Authorization Header and pass "ApiKey {YOUR_API_KEY}" as the value:

Adding the Authorization Header


    'Authorization': 'ApiKey SKIP_5wlK.D_I8T7MRi)i@Du6=8M)Q|d<R.*j0{LPW9U<w$m>q_T#oSuX?Zu;%.T',
    'Content-Type': 'application/json'

X-Idempotency-Key Header

*Note: this header is currently only required for the /payments endpoint

What is Idempotency?

An operation is idempotent if performing it multiple times has the same effect as performing it once . In the context of APIs, this means that making the same request multiple times won't cause unintended side effects beyond what would happen with a single request.

Skipify's APIs protect against duplicate requests by including an X-Idempotency-Key header.

Send a unique X-Idempotency-Key for each unique request you send to Skipify that requires this header.

Best Practices for Idempotency Keys

  1. Use UUID version 4: This version generates random UUIDs, which are suitable for idempotency keys as they have extremely low collision probability.
  2. Store keys securely: On the client side, persist idempotency keys in local storage or a similar mechanism so they survive page refreshes during operations.

Please reach out to your Skipify Implementations Engineer if you are having trouble with API Key Authentication

Skipify baner with link to contact us form

Updated about 11 hours ago

What’s Next