Skip to main content

Account and API Key(s) Management Guide

Objective

The following guide is an introduction on how you and Payments AI admins create/manage accounts and API keys.

Account

In the first step when you are integrating with Payments AI admins will create an account for you and share with you the temporal API key.

  • You are not able to use the Payments AI till you activate the account
  • With the temporal API key you are not able to make payments, so your account is secure

After the account has been created you have 1 day to activate the account. To do so provide a secret to the account using the temporal API key.

  • After the account has been activated your API key will be rotated
  • With this new API key you will be able to use the Payments AI to the full extent

You can activate the account thanks to a request similar to this one:

curl --location --request PATCH 'https://staging-api.payments.ai/v1/accounts/public-api/{{YOUR_ACCOUNT_ID}}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: {{YOUR_TEMPORAL_API_KEY}}' \
--data '{
    "secret": "{{YOUR_SECRET}}"
}'

After the account has been activated you will receive API key in the response. You do not need to rotate it.

Api Key

You can secure a single account with a secret and then create multiple API keys for various purposes as needed. Our API provides endpoints that allow you to:

  • Retrieve data when the API key has been rotated
curl --location --request PUT 'https://staging-api.payments.ai/v1/accounts/public-api/{{YOUR_ACCOUNT_ID}}/api-keys' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: {{YOUR_TEMPORAL_API_KEY}}' \
--data '{
    "secret": "{{YOUR_SECRET}}"
}'
  • Rotate your API key
curl --location --request PATCH 'https://staging-api.payments.ai/v1/accounts/public-api/{{YOUR_ACCOUNT_ID}}/api-keys/{{YOUR_API_KEY_ID}}' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'Authorization: {{YOUR_TEMPORAL_API_KEY}}' \
--data '{
    "secret": "{{YOUR_SECRET}}"
}'

All of these activities are paired with the secret and API key of the account.

Payments AI admins

We will monitor the activity related to each account.

  • If the account is compromised you could ask us to deactivate the account
  • We could also revoke and rotate your API keys if necessary

Secrets Policy

Secrets need to have:

  • at least 12 characters
  • one upper letter
  • at least one alphanumeric

Secret will need to be changed every 90 days. The new secret will need to be different from the last 4 ones. You need to follow this policy only if you wish to create/rotate your API keys.