🛠️
Integration Guide
  • 🔎Overview
    • 👋Welcome to XGateway
  • 🏎️QUICK START
    • Integrate with XGateway
    • Supported currencies
    • Keys and authentication
    • KYC
  • ⚙️INTEGRATION GUIDES
    • Important Concepts
    • Environments
      • Testing on the demo environment
    • Integration using Checkout Page
    • Integration using API
      • Channel payment flow API
      • Assets balance API
      • Exchange rate service API
      • Export SumSub KYC token
    • Callbacks
      • Transaction callback
        • Transaction object
      • Bank Account callback
      • KYC callback
    • How to initiate a withdrawal
      • Withdrawal API(V2)
      • Withdrawal API(V1)
    • Check transaction status
  • 💱Payment flows
    • Transaction flowchart
    • KYC checks diagram
    • Confirmation subprocess
    • User flow for crypto onramp
    • User flow for banking onramp
    • Fees structure
      • Adjustable BTC Minimum Deposit Fee Framework
  • 🏤Back office
Powered by GitBook
On this page
  • Keys
  • API key
  • Secret Key
  • Password
  1. QUICK START

Keys and authentication

PreviousSupported currenciesNextKYC

Last updated 1 month ago

Keys

The API and Secret keys will be provided by our team at the end of the onboarding process.

If any keys are shared with unauthorised individuals or compromised, associated accounts, digital assets, services, or integrations may be at risk. Please contact our immediately if you have any concerns or suspect your keys may have been compromised.

Please maintain secure custody of credentials and promptly report any issues. The XGateway team is available to assist with any questions or concerns.

API key

The API key is an automatically generated unique identifier used for authorizing API requests.

It is crucial to keep the API key confidential and not share it with unauthorized individuals, as it can be used to access account funds and associated digital assets.

The x-api-key header should be included to authorize API requests.

Example of usage
curl -X 'POST' \
  'https://api.xgateway.tech/api/v1/invoice' \
  -H 'accept: application/json' \
  -H 'x-api-key: YOUR_API_KEY' \
  -H 'Content-Type: application/json' \
  -d '{
  "amount": "20",
  "baseCurrency": "EUR",
  "customerId": "test_customer_id",
  "orderId": "test_order_id"
}'

Secret Key

The secret key is an automatically generated unique identifier used for creating a hash for callback data verification. This ensures the callback originates from the payment processing system.

It is crucial to keep the secret key confidential and not share it with unauthorized individuals. While it does not provide account access, it should still be protected.

If the secret key is compromised, it could allow fake callbacks and withdrawal requests to be sent to your system. Please keep the secret key secure and confidential.

Example of usage
const hash = crypto
      .createHash("sha512")
      .update(`TRANSACTION_ID.CUSTOMER_ID.AMOUNT.CURRENCY.YOUR_SECRET_KEY`)
      .digest("base64");

Password

It is crucial to keep the password confidential and not share it with unauthorized individuals, as it can be used to access account funds and associated digital assets.

To sign in to your back office, you will need the email and password configured during onboarding. You can change your password via the back office after the first sign-in or by contacting the .

🏎️
support team
support team