Skip to main content

Overview

API keys are essential credentials that authenticate your requests to Caibo IPG APIs. They provide secure access to payment processing functionality and are generated through the Control Panel.

Key Features

  • Secure Authentication: API keys provide secure access to all Caibo IPG endpoints
  • Easy Generation: Generate new keys instantly through the Control Panel interface
  • Key Rotation: Regenerate keys for enhanced security without service interruption
  • Environment Support: Separate keys for test and production environments

Generating API Keys

Step 1: Access Your Profile

  1. Log into the Control Panel using your merchant credentials
  2. Navigate to Profile Settings from the main menu
  3. Locate the API Key section in your profile

Step 2: Generate Your Key

  1. Click “Generate API Key” or the key icon (🔑) next to the API Key field
  2. Confirm the action in the dialog that appears
  3. Copy your new API key immediately after generation
Important: Your API key is displayed only once during generation. Make sure to copy and store it securely before closing the dialog.

Step 3: Store Securely

  • Environment Variables: Store in your application’s environment configuration
  • Secure Storage: Never commit API keys to version control
  • Access Control: Limit access to keys within your organization

Key Types

Test Keys

  • Format: caibo_test_sk_*
  • Purpose: Development and testing
  • Environment: Sandbox/Test environment
  • Transactions: No real money processed

Live Keys

  • Format: caibo_live_sk_*
  • Purpose: Production transactions
  • Environment: Live/Production environment
  • Transactions: Real money processing

Using API Keys

HTTP Header Format

Include your API key in all requests using the X-API-Key header: 
X-API-Key: caibo_live_sk_1234567890abcdef
Content-Type: application/json

Example Request

curl -X GET \
  "https://apay.caibo.digital/payment-requests/12345" \
  -H "X-API-Key: caibo_live_sk_1234567890abcdef" \
  -H "Content-Type: application/json"

Key Management

Regenerating Keys

To regenerate an existing API key:
  1. Navigate to Profile Settings
  2. Click the regenerate icon (🔑) next to your current API key
  3. Confirm regeneration in the dialog
  4. Update all integrations with the new key
Service Interruption: Regenerating a key immediately invalidates the previous key. Ensure all systems are updated before regenerating.

Key Rotation Best Practices

  • Regular Rotation: Regenerate keys periodically for security
  • Planned Updates: Schedule key rotations during maintenance windows
  • Testing: Verify new keys work before invalidating old ones
  • Documentation: Keep internal documentation updated with key changes

Security Best Practices

Storage Security

  • Never expose keys in client-side code or public repositories
  • Use environment variables or secure configuration management
  • Implement access controls for key storage systems
  • Monitor key usage for suspicious activity

Access Management

  • Principle of least privilege: Only grant access to necessary personnel
  • Audit key usage: Regularly review who has access to API keys
  • Revoke unused keys: Remove keys that are no longer needed
  • Separate environments: Use different keys for test and production

Monitoring

  • Track API usage: Monitor requests made with your API keys
  • Set up alerts: Configure notifications for unusual activity
  • Regular audits: Review key usage patterns periodically
  • Incident response: Have procedures for compromised keys

Troubleshooting

Common Issues

Key Not Working

  • Check format: Ensure key starts with caibo_test_sk_ or caibo_live_sk_
  • Verify environment: Confirm you’re using the correct key for your environment
  • Check regeneration: Ensure the key hasn’t been recently regenerated

Authentication Errors

  • Header format: Verify X-API-Key header is correctly formatted
  • Key validity: Confirm the key is active and not revoked
  • Account status: Ensure your merchant account is in good standing

Missing Keys

  • Profile access: Verify you can access the Profile Settings page
  • Account permissions: Ensure you have permission to generate API keys
  • Browser issues: Try clearing cache or using a different browser

Getting Help

If you encounter issues with API key management:
  1. Check account status in the Control Panel
  2. Review error messages for specific guidance
  3. Contact support at support@caibo.digital with:
    • Your merchant account ID
    • Description of the issue
    • Screenshots if applicable

Integration Examples

Environment Configuration

# Test Environment
CAIBO_API_KEY=caibo_test_sk_your_test_key_here
CAIBO_BASE_URL=https://apay.caibo.digital

# Production Environment  
CAIBO_API_KEY=caibo_live_sk_your_live_key_here
CAIBO_BASE_URL=https://apay.caibo.digital

Authentication Guide

Complete authentication setup and usage guide

Getting Started

Quick start guide for your first integration

Payment Requests

Learn how to create and manage payment requests

Security Best Practices

Comprehensive security guidelines