API Keys
Generate and regenerate Test and Live API Keys using the Curlec Dashboard.
API keys are unique identifiers that let you securely connect your application to Razorpay's services. An API key is a combination of the key_id
and key_secret
, which are required to make any API request to Curlec. You will need to add this API key to your code as part of your integration process, ensuring secure access to Razorpay's payment services while protecting your data. Essentially, API keys act like passwords for your app, providing safe access to Razorpay's payment and other services while protecting your data.
Watch Out!
To generate API keys in Live Mode, you must provide the website details where you will collect payments. If you do not have the option to generate API keys in Live Mode. It may be because you are yet to provide your website details. We collect website information during the onboarding process.
- If you have not shared your website yet, please . We will verify your website within 3 working days. Once the verification is complete, you can generate API keys in Live Mode.
- If you have already shared your website details and they have been verified, you can find the details on your . Navigate to Account & Settings → Website and app settings.
- You can generate API keys in Test Mode without adding a website.
If you still encounter issues, raise a request with our
.Follow these steps to generate API keys:
- Log in to your with the appropriate credentials.
- Select the mode (Test or Live) for which you want to generate the API key.
- Test Mode: The test mode is a simulation mode that you can use to test your integration flow. Your customers will not be able to make payments in this mode.
- Live Mode: When your integration is complete, switch to live mode and generate live mode API keys. In the integration, replace test mode keys with live mode keys to accept customer payments.
- Navigate to Account & Settings → API Keys (under Website and app settings) → Generate Key to generate key for the selected mode.
The Key Id
and Key Secret
appear on a pop-up page.
Watch Out!
- After generating the keys from the Dashboard, download and save them securely. You can use only one set of API keys. If you don't remember your API keys, you must from the dashboard and update them wherever the previous keys were used for payment gateway integrations.
- API Keys are universal; that is, they are applicable to all websites and apps that you have whitelisted for your Merchant ID.
- Do not share your API Key secret with anyone or on any public platforms. This can pose security threats to your Curlec account.
- Once you generate the API Keys, only the Key Id is visible on the Dashboard, not the Key secret, as it can pose security threats to your Curlec account.
- Use the Live API Keys to accept live payments and the Test API Keys for test transactions.
Once generated, you will be able to see the Key Id, the date the key was created and the expiry date for the API Key on screen.
You also have the option to regenerate the key if required.
Two-Factor Authentication
To regenerate API keys, you must validate your identity via OTP and send it to your registered mobile number. However, this step is skipped if you already performed OTP validation while logging in to the Dashboard.
If you have not set up two-factor authentication, you will be prompted to verify your mobile number before regenerating keys.
To regenerate API key:
- Log in to the .
- Select the mode from the menu ribbon for which you want to generate the API key.
- Navigate to Account & Settings → API Keys (under Website and app settings) → Generate new key to generate key for the selected mode.
This allows you to deactivate the old key immediately or within 24 hours.
No, if you have only one MID, you can generate only one API key.
Yes, you can generate one API key for each MID if you have multiple MIDs.
Yes, if your existing API key is saved, you can continue using the same keys as you expand to new platforms.
If you do not have the previous API key saved, you must regenerate new API keys and relaunch all previous products or apps with the updated keys.
5. My account is activated but I cannot generate API keys as my website is not verified. What do I do?
Website details are required to generate API keys. If you do not have the option to generate API keys, it may be because website details are yet to be provided. If you have not shared your website yet, please
. We will verify your website within 3 working days, and once the verification is complete, you can generate API keys.Your website or app link must be verified to generate an API key. This step ensures that only verified sources (website/app) can collect payments through the payment gateway.
Only users with the Owner or Admin role have access to the API keys. Know more about
.No, API keys are not required to integrate a payment app with Shopify. OAuth is to handle the authentication process.
If you are integrating a non-payment app with Shopify, only the API key is required and not the key_secret. However, Shopify does not require API keys to integrate payment apps.
Was this page helpful?