Stronghold.Pay.js
In-store and online
Charge Authorization
PaymentSources
BalanceTransfers
Customers
Domains
Merchants
PayLinks
Charges
Reports
Sandbox
Settlements
Tips
Utility
Models
Authentication
Countries
Currencies
v1 Reference (Deprecated)

Authentication

The Stronghold Pay API uses API keys to authentication requests. You can view and manage your API keys in the Stronghold Pay Dashboard.

There are two types of API keys:

API keys are environment specific, and the environment that any particular API key is associated with can be easily determined as the environment name is present in the key itself, e.g. a publishable key for the sandbox environment will start with pk_sandbox_.

Publishable keys

Publishable keys are safe to include in client-side or otherwise publicly accessible code, i.e. they can be published without risking improper access to your account.

Publishable keys start with pk_.

The Stronghold.Pay.JS library uses publishable keys to identify your account, without allowing for improper access.

Secret keys

Secret keys should be handled with care and must never be exposed publicly. Anyone with access to these keys can perform actions via the API on behalf of your account.

Secret keys start with sk_.

The API routes require a secret key to be specified to identity your account. To use your API key, include it in the SH-SECRET-KEY header on each request.