> ## Documentation Index
> Fetch the complete documentation index at: https://docs.caibo.digital/llms.txt
> Use this file to discover all available pages before exploring further.
# API Keys
> Generate and manage API keys for secure access to Caibo IPG APIs
## Overview
API keys are essential credentials that authenticate your requests to Caibo IPG APIs. They provide secure access to payment processing functionality and are generated through the Control Panel.
## Key Features
* **Secure Authentication**: API keys provide secure access to all Caibo IPG endpoints
* **Easy Generation**: Generate new keys instantly through the Control Panel interface
* **Key Rotation**: Regenerate keys for enhanced security without service interruption
* **Environment Support**: Separate keys for test and production environments
## Generating API Keys
### Step 1: Access Your Profile
1. **Log into the Control Panel** using your merchant credentials
2. **Navigate to Profile Settings** from the main menu
3. **Locate the API Key section** in your profile
### Step 2: Generate Your Key
1. **Click "Generate API Key"** or the key icon (🔑) next to the API Key field
2. **Confirm the action** in the dialog that appears
3. **Copy your new API key** immediately after generation
**Important**: Your API key is displayed only once during generation. Make sure to copy and store it securely before closing the dialog.
### Step 3: Store Securely
* **Environment Variables**: Store in your application's environment configuration
* **Secure Storage**: Never commit API keys to version control
* **Access Control**: Limit access to keys within your organization
## Key Types
### Test Keys
* **Format**: `caibo_test_sk_*`
* **Purpose**: Development and testing
* **Environment**: Sandbox/Test environment
* **Transactions**: No real money processed
### Live Keys
* **Format**: `caibo_live_sk_*`
* **Purpose**: Production transactions
* **Environment**: Live/Production environment
* **Transactions**: Real money processing
## Using API Keys
### HTTP Header Format
Include your API key in all requests using the `X-API-Key` header:
```http theme={null}
X-API-Key: caibo_live_sk_1234567890abcdef
Content-Type: application/json
```
### Example Request
```bash theme={null}
curl -X GET \
"https://apay.caibo.digital/payment-requests/12345" \
-H "X-API-Key: caibo_live_sk_1234567890abcdef" \
-H "Content-Type: application/json"
```
## Key Management
### Regenerating Keys
To regenerate an existing API key:
1. **Navigate to Profile Settings**
2. **Click the regenerate icon** (🔑) next to your current API key
3. **Confirm regeneration** in the dialog
4. **Update all integrations** with the new key
**Service Interruption**: Regenerating a key immediately invalidates the previous key. Ensure all systems are updated before regenerating.
### Key Rotation Best Practices
* **Regular Rotation**: Regenerate keys periodically for security
* **Planned Updates**: Schedule key rotations during maintenance windows
* **Testing**: Verify new keys work before invalidating old ones
* **Documentation**: Keep internal documentation updated with key changes
## Security Best Practices
### Storage Security
* **Never expose keys** in client-side code or public repositories
* **Use environment variables** or secure configuration management
* **Implement access controls** for key storage systems
* **Monitor key usage** for suspicious activity
### Access Management
* **Principle of least privilege**: Only grant access to necessary personnel
* **Audit key usage**: Regularly review who has access to API keys
* **Revoke unused keys**: Remove keys that are no longer needed
* **Separate environments**: Use different keys for test and production
### Monitoring
* **Track API usage**: Monitor requests made with your API keys
* **Set up alerts**: Configure notifications for unusual activity
* **Regular audits**: Review key usage patterns periodically
* **Incident response**: Have procedures for compromised keys
## Troubleshooting
### Common Issues
#### Key Not Working
* **Check format**: Ensure key starts with `caibo_test_sk_` or `caibo_live_sk_`
* **Verify environment**: Confirm you're using the correct key for your environment
* **Check regeneration**: Ensure the key hasn't been recently regenerated
#### Authentication Errors
* **Header format**: Verify `X-API-Key` header is correctly formatted
* **Key validity**: Confirm the key is active and not revoked
* **Account status**: Ensure your merchant account is in good standing
#### Missing Keys
* **Profile access**: Verify you can access the Profile Settings page
* **Account permissions**: Ensure you have permission to generate API keys
* **Browser issues**: Try clearing cache or using a different browser
### Getting Help
If you encounter issues with API key management:
1. **Check account status** in the Control Panel
2. **Review error messages** for specific guidance
3. **Contact support** at [support@caibo.digital](mailto:support@caibo.digital) with:
* Your merchant account ID
* Description of the issue
* Screenshots if applicable
## Integration Examples
### Environment Configuration
```bash .env theme={null}
# Test Environment
CAIBO_API_KEY=caibo_test_sk_your_test_key_here
CAIBO_BASE_URL=https://apay.caibo.digital
# Production Environment
CAIBO_API_KEY=caibo_live_sk_your_live_key_here
CAIBO_BASE_URL=https://apay.caibo.digital
```
```javascript config.js theme={null}
module.exports = {
caibo: {
apiKey: process.env.CAIBO_API_KEY,
baseUrl: process.env.CAIBO_BASE_URL || 'https://apay.caibo.digital'
}
};
```
```python config.py theme={null}
import os
CAIBO_CONFIG = {
'api_key': os.getenv('CAIBO_API_KEY'),
'base_url': os.getenv('CAIBO_BASE_URL', 'https://apay.caibo.digital')
}
```
## Related Documentation
Complete authentication setup and usage guide
Quick start guide for your first integration
Learn how to create and manage payment requests
Comprehensive security guidelines