API Keys

Test and live mode

To test the PayMongo API, you can send API requests in test mode. This means all requests will not process actual payments. The test and live modes function almost the same, with a few differences:

• In test mode, payments are not processed by our payment processing providers, and only our test sample data can be used.
• Some API resources, such as source, have a more complicated flow in live mode. It requires more steps than those in test mode.
• You can only get your live API keys once your account is activated. You can toggle from the left side of your dashboard's sidebar if you want to get your test/live API keys.

Public and Secret keys

❗️

Never share your secret keys

Treat your secret keys like your passwords. The best practice is to store the secret key in your server's environment variable and not hardcoded in your codebase. If, for any reason, you believe that your secret keys have been compromised, please contact us immediately at [email protected] so we can revoke the old keys and give you new ones. You can also regenerate keys anytime through your dashboard.

Public Key

This API key is solely used to identify your account when calling the PayMongo API from the client-side.

Secret Key

If the public key is used from the client-side, the secret key is meant to be kept confidential and only stored on your servers. The secret API key can perform any API requests to PayMongo without restriction and with access to overall data. The public API key has restricted data for some endpoints.