Skip to main content

API keys

Learn how to manage your API keys.

The Dojo API uses Basic HTTP authentication. To authenticate requests you'll need to provide your API key. Use the Developer Portal to create a key or manage an existing key.

Key format

Keys are structured in a way that has semantic meaning:

  • They start with the prefix sk_ (standing for security key).

  • After that, they contain the environment prefix, which is either: sandbox_ or prod_.

  • Finally, the key content comes after that.

Here is an example test key: sk_sandbox_c8oLGaI__msxsXbpBDpdtwJEz_eIhfQoKHmedqgZPCdBx59zpKZLSk8OPLT0cZolbeuYJSBvzDVVsYvtpo5RkQ.

How to use API keys

You must include your secret API key in the authorization header of all requests, for example:

getting-started/curl/create-payment-intent.sh
loading...

API requests without authentication will fail.

Create a new key

You can use a new API key as soon as you generate it.

An API key is location bound. If your company account has different location accounts, make sure you have selected the correct one before generating the key.

To generate your API keys, go to Developer Portal > API keys and select + Create new key. To copy the API key, click on it.

Store your API key securely in your system, as you would store any other password. If your API key is compromised, you need to generate a new one and replace a compromised key. Don't forget to delete a compromised key after all.

Delete a key

You may delete API keys at any time. A deleted key stops working immediately. Key deletion cannot be undone.

To delete a key, click the three dots next to your secret key and choose Delete key.


Learn more