Authentication
This document will explain how to authenticate with our API and the purpose of your Public and Secret keys.
Creating your account
In order to use our service, remember you first have to create your free account on Omise. It takes just a couple of seconds!
The right key for the right job
Remember that you have 2 sets of 2 keys: One set for Test mode and one for Live mode. The set of keys you use determines whether actual money will be transferred or not. In other words, you should use your Live keys only on your production server!
You can easily tell which key is which:
| Key format | |
|---|---|
| pkey_test_... | Public key for test mode |
| skey_test_... | Secret key for test mode |
| pkey_... | Public key for live mode |
| skey_... | Secret key for live mode |
Public key
Whenever you need to send us sensitive cardholder data, the first step is to create a token from your user's browser using the public key. Since all this key can do is creating tokens, it is safe to use on a web page.
Related articles: collecting card information, tokens, Omise.js (external)
Secret key
The secret key is what authenticates your server on Omise. It's used on all non-token API queries. The live secret key must never be shared nor stored unsecurely. We highly recommend encrypting the key on your server for maximum protection.
Authentication to Omise API is done via HTTP Basic Auth with your secret key as user name. Password is not required.
If you believe your secret key has been compromised, log in to your Omise account, roll a new key and update it on your server.
Login dashboard to get your API Keys
Example of secret key usage on an API call
curl https://api.omise.co/customers/cust_test_4xs68oo1vgalgffzsyw/cards \
-X GET \
-u skey_test_4xs68olyuul9lmmp375: \
-d "offset=50" \
-d "limit=10"