Keys and authentication

PreviousMiscellaneous NextCheck transaction status

Last updated 10 days ago

Keys and authentication

Keys

The API and Secret keys will be provided by our team at the end of the onboarding process.

If any keys are shared with unauthorised individuals or compromised, associated accounts, digital assets, services, or integrations may be at risk. Please contact our immediately if you have any concerns or suspect your keys may have been compromised.

Please maintain secure custody of credentials and promptly report any issues. The XGateway team is available to assist with any questions or concerns.

API key

The API key is an automatically generated unique identifier used for authorising API requests.

It is crucial to keep the API key confidential and not share it with unauthorised individuals, as it can be used to access account funds and associated digital assets.

The x-api-key header should be included to authorize API requests.

Example of usage

curl -X 'POST' \
  'https://api.xgateway.tech/api/v1/invoice' \
  -H 'accept: application/json' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
  "amount": "20",
  "baseCurrency": "EUR",
  "customerId": "test_customer_id",
  "orderId": "test_order_id"
}'

Secret Key

The secret key is an automatically generated unique identifier used for creating a hash for callback data verification. This ensures the callback originates from the payment processing system.

It is crucial to keep the secret key confidential and not share it with unauthorized individuals. While it does not provide account access, it should still be protected.

If the secret key is compromised, it could allow fake callbacks and withdrawal requests to be sent to your system. Please keep the secret key secure and confidential.

Example of usage

const hash = crypto
      .createHash("sha512")
      .update(`TRANSACTION_ID.CUSTOMER_ID.AMOUNT.CURRENCY.YOUR_SECRET_KEY`)
      .digest("base64");

Password

It is crucial to keep the password confidential and not share it with unauthorized individuals, as it can be used to access account funds and associated digital assets.

PreviousMiscellaneous NextCheck transaction status

Last updated 10 days ago

Keys

The API and Secret keys will be provided by our team at the end of the onboarding process.

Please maintain secure custody of credentials and promptly report any issues. The XGateway team is available to assist with any questions or concerns.

API key

The API key is an automatically generated unique identifier used for authorising API requests.

It is crucial to keep the API key confidential and not share it with unauthorised individuals, as it can be used to access account funds and associated digital assets.

The x-api-key header should be included to authorize API requests.

Example of usage

curl -X 'POST' \
  'https://api.xgateway.tech/api/v1/invoice' \
  -H 'accept: application/json' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
  "amount": "20",
  "baseCurrency": "EUR",
  "customerId": "test_customer_id",
  "orderId": "test_order_id"
}'

Secret Key

The secret key is an automatically generated unique identifier used for creating a hash for callback data verification. This ensures the callback originates from the payment processing system.

It is crucial to keep the secret key confidential and not share it with unauthorized individuals. While it does not provide account access, it should still be protected.

If the secret key is compromised, it could allow fake callbacks and withdrawal requests to be sent to your system. Please keep the secret key secure and confidential.

Example of usage

const hash = crypto
      .createHash("sha512")
      .update(`TRANSACTION_ID.CUSTOMER_ID.AMOUNT.CURRENCY.YOUR_SECRET_KEY`)
      .digest("base64");

Password

To sign in to your back office, you will need the email and password configured during onboarding. You can change your password via the back office after the first sign-in or by contacting the .

It is crucial to keep the password confidential and not share it with unauthorized individuals, as it can be used to access account funds and associated digital assets.