Contents
Implementation process
Direct API Integrations require some coding. There are a few things you must do before you can deploy it to your production account and go live:
We'll cover the items that are bolded in this article. We'll cover the other steps in the other guide steps.
Retrieving your API keys
Let’s start with a brief overview of what API Keys are used for. Affirm authenticates your API requests using your account’s API Keys. If you do not include your key when making an API request or use one that is incorrect or outdated, Affirm returns an error.
Every account is provided with four separate keys: a public and private key pair for test mode and for running live transactions. All API requests exist in either test or live mode, and objects in one mode cannot be manipulated by objects in the other.
Therefore, there are two types of API Keys: public and private.
-
Public API Keys are meant solely to identify your account with Affirm, they aren’t private. They can safely be published in places like your Affirm.js (JavaScript code), or in an Android or iPhone app. Public keys only have the power to create tokens.
-
Private API Keys should be kept confidential and only stored on your own servers. Your account’s private API key can perform any API request to Affirm with some restrictions.
To retrieve your Public and Private API Keys you must access your Merchant Dashboard and locate the API Keys on the left side of your Dashboard. This is the section we are referring to: