API Keys and Webhooks

API Keys and Webhooks are essential for secure and seamless integration with the Tranzakt Payment Platform (TPP), offering access control, event communication, and data security.

Test Mode vs. Production Mode

Test Mode

Allows safe testing of the API’s functionality in a sandbox environment, letting developers test various features without risking real transactions. Note: Test keys should never be used in live environments as they lack production-level security.

Warning
Misuse of production keys can result in unauthorized access. Always verify that security protocols are in place.

Live Mode

Used for live applications. Live keys must be securely stored and managed, adhering to strict access control measures. You can toggle between Test and Live Mode based on your operational needs.

API Keys

API Keys provide secure authentication to access API endpoints.

Before accessing live keys, you must enable two-factor authentication for enhanced security.

Public and Secret Keys

A dual-key structure helps ensure access control. Your Public Key is visible to users for frontend requests, while the Secret Key is confidential and handles backend requests.

Key Regeneration

Secret Keys can be regenerated if needed. However, modifying the Public Key will expire all existing test keys, so proceed cautiously when making changes.

IP Whitelisting

Adding your IP address is an important step for invoice creation. IP whitelisting enhances security by restricting API access to specified IP addresses, so that only traffic from trusted sources can interact with the API.

The address to whitelist can differ from your machine's local IP address, because the internet service provider (ISP) may mask the local address when requests are made. The ISP-assigned address can also change occasionally. In production environments the address is typically more stable, since it is the address of the environment where the merchant's application is deployed.

For development, merchants can visit What Is My IP? to obtain their ISP's IP address before creating an invoice. For production, the IP address can be retrieved from the hosting environment of the merchant's server.

  • To add an IP to the whitelist:

    a. Enter the IP address in the IP Whitelist field.

    b. Save the configuration to update the access permissions.
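
A preflight check for the whitelist entries described above, as an added example that is not part of the Tranzakt documentation or API. It rejects local-only addresses (the ones an ISP or NAT masks) and flags when the address your requests currently leave from is missing from the whitelist. The function names are hypothetical, the observed address is assumed to come from an IP lookup page or the hosting environment, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Ranges that are local-only and never the source address a remote API sees.
LOCAL_ONLY = [
    ("loopback", "127.0.0.0/8"),
    ("RFC 1918 private", "10.0.0.0/8"),
    ("RFC 1918 private", "172.16.0.0/12"),
    ("RFC 1918 private", "192.168.0.0/16"),
    ("link-local", "169.254.0.0/16"),
    ("carrier-grade NAT", "100.64.0.0/10"),
    ("IPv6 loopback", "::1/128"),
    ("IPv6 link-local", "fe80::/10"),
    ("IPv6 unique local", "fc00::/7"),
]


def check_candidate(text):
    """Return (ok, reason) for one address a merchant wants to whitelist."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return False, "not a single valid IP address"
    for label, cidr in LOCAL_ONLY:
        net = ipaddress.ip_network(cidr)
        if addr.version == net.version and addr in net:
            return False, f"{label} address, local-only and not what the API sees"
    return True, "not in a local-only range"


def preflight(whitelisted, observed_public_ip):
    """List problems with the saved whitelist given the current egress address."""
    findings, usable = [], set()
    for entry in whitelisted:
        ok, reason = check_candidate(entry)
        if ok:
            usable.add(ipaddress.ip_address(entry.strip()))
        else:
            findings.append(f"{entry}: {reason}")
    ok, reason = check_candidate(observed_public_ip)
    if not ok:
        findings.append(f"observed {observed_public_ip}: {reason}")
    elif ipaddress.ip_address(observed_public_ip.strip()) not in usable:
        findings.append(f"{observed_public_ip} is not whitelisted; the ISP address may have changed")
    return findings


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses stand in for real ones.
    print(preflight(["192.168.1.20", "203.0.113.10"], "203.0.113.77"))
```

An empty list from `preflight` means every saved entry is usable and the current egress address is covered.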

Callback URL and Webhook URL

These URLs are key configurations to enable secure communication between TPP and your application.

Always test your Callback and Webhook URLs in Test Mode before deploying in production to ensure accurate and timely data flow.

Callback URL

This endpoint receives data or redirects users after specific actions, such as a payment completion. For example, the API might send transaction details to your callback URL post-payment, allowing a smooth transition to your custom application page.

Webhook URL

Unlike callbacks, webhooks push real-time data without requiring user interaction. Webhooks notify your application of specific events like status updates or new data asynchronously, helping your system stay updated on platform activities without manual checks.