The Stronghold Pay API uses API keys to authentication requests. You can view and manage your API keys in the Stronghold Pay Dashboard.
There are two types of API keys:
API keys are environment specific, and the environment that any particular API key is associated with can be easily determined as the environment name is present in the key itself, e.g. a publishable key for the
sandbox environment will start with
Publishable keys are safe to include in client-side or otherwise publicly accessible code, i.e. they can be published without risking improper access to your account.
Publishable keys start with
Stronghold.Pay.JS library uses publishable keys to identify your account, without allowing for improper access.
Secret keys should be handled with care and must never be exposed publicly. Anyone with access to these keys can perform actions via the API on behalf of your account.
Secret keys start with
The API routes require a secret key to be specified to identity your account. To use your API key, include it in the
SH-SECRET-KEY header on each request.