Your API requests to Durianpay API must be authenticated using your account's API keys. An authentication error will be returned if the API key is not provided or invalid.
Every Durianpay account is provided with API keys for testing to try out Durianpay API and for running live requests. Your API keys are available in the Settings of the dashboard (or through your dedicated Customer Success Manager).
To test our APIs, you can send API requests in sandbox mode. This means all requests will not process actual payments. The sandbox and live modes function almost the same with a few differences:
In sandbox mode, payments are not actually processed by our payment processing providers, and only our test sample data can be used. Some API resources such as sources have a more complicated flow in live mode. It requires more steps than those in sandbox mode (for example, 3DS verification in case of card payments). You can only get your live API keys once your account is activated.
All Durianpay APIs are authorized using
Basic Authorization. Basic authorization requires your secret key which can be obtained from Durianpay dashboard or through your dedicated Customer Success Manager.
- Sandbox Mode -
- Live Mode -
The secret key is meant to be kept confidential and only stored on your own servers. Secret API key can perform any API requests to Durianpay without restriction and with access to overall data.
Never share your secret key with anyone. Treat your secret keys like your passwords. The best practice is to store the secret key in your server's environment variable and not hardcoded in your codebase. If, for any reason, you believe that your secret keys have been compromised, please contact us immediately at firstname.lastname@example.org (or your dedicated Customer Success Manager) so we can revoke the old keys and give you new ones.