Authentication

This document will explain how to authenticate with our API and the purpose of your Public and Secret keys.

Creating your account

In order to use our service, remember you first have to create your free account on Omise. It takes just a couple of seconds!

The right key for the right job

Remember that you have 2 sets of 2 keys: One set for Test mode and one for Live mode. The set of keys you use determines whether actual money will be transferred or not. In other words, you should use your Live keys only on your production server!

You can easily tell which key is which:

Key format
pkey_test_... Public key for test mode
skey_test_... Secret key for test mode
pkey_... Public key for live mode
skey_... Secret key for live mode

Public key

Whenever you need to send us sensitive cardholder data, the first step is to create a token from your user's browser using the public key. Since all this key can do is creating tokens, it is safe to use on a web page.

Related articles: collecting card information, tokens, Omise.js (external)

Secret key

The secret key is what authenticates your server on Omise. It's used on all non-token API queries. The live secret key must never be shared nor stored unsecurely. We highly recommend encrypting the key on your server for maximum protection.

Authentication to Omise API is done via HTTP Basic Auth with your private key as user name. Password is not required.

If you believe your secret key has been compromised, log in to your Omise account, roll a new key and update it on your server.

Login dashboard to get your API Keys

Example of secret key usage on an API call

curl https://api.omise.co/customers/cust_test_4xs68oo1vgalgffzsyw/cards \
  -X GET \
  -u skey_test_4xs68olyuul9lmmp375: \
  -d "offset=50" \
  -d "limit=10"