Azupay website
Guides
Help CentreService DeskStatus PageDashboard | ProductionDashboard | UATTest Bank
Start typing to search…

API Key Management

Overview

The API Keys API allows you to manage your Client’s API Keys.This API is only available to some Azupay customers. Please get in touch with us for more information.

There are 3 Operations of this API:

  1. Create an API key for your Client
  2. Get an API Key for your Client
  3. Update an API Key for your Client

Creating an API Key

To create an API key for one of your Clients, issue the following API call:

POST https://api.azupay.com.au/v1/client/{clientId}/apiKey
Authorization: SECR_MYBUSINESSID_nR2duCGXlqWSuYJF
Content-Type: application/json
{
  "permissions": [
    "RestAPI/POST/paymentRequest",
    "RestAPI/POST/paymentRequest/refund",
  ],
  "generateHMAC": true
}

This is a very simple request message. Now let's have a look at what you submitted:

  • clientId: your client’s unique identifier that we provide you during the initial onboarding request.
  • permissions: specifies which API endpoints the key is authorised to access
  • generateHMAC: You can choose to generate HMAC keys to write signature headers for your requests.

📘

HMAC adds additional security to your system messages

HMAC Headers provides a way to verify data has not been tampered with in transit, verifies the timestamp when it was sent and by whom.

🚧

HMAC as an additional security measure

API keys with HMAC enabled will require all API calls to have a valid signature to prevent tampering as a security measure. All API calls without a valid HMAC signature will fail - only enable this if you understand how to provide the HMAC signature.

See here for further information on HMAC

Once you submit this request, you will receive a response as the following.

HTTP/2 201 Created
Content-Type: application/json
{
	"keyID": "SECR528792",
	"permittedOperations": [
		"RestAPI/POST/paymentRequest",
	  "RestAPI/POST/paymentRequest/refund"
	]
"enabled": true,
"apiKey" "SECR528792_c0e35aad-c9a8-45e8-be41-30794f138b9c_ckid445474d1d",
"hmacKey": "HMAC_cdeijed78y3jdnjdfhjjnm"
}

Retrieving an API Key

If you need to retrieve an API Key for one of your clients, there are two ways it can be retrieved:

  1. Using the clientID - this will return all of the API Keys for the client
  2. Using the API Key ID - this will return the information for the API Key specified

Using the Client ID

If you want to retrieve all of the API Keys assigned to the client, issue the following API call:

GET https://api.azupay.com.au/v1/client/{clientId}/apiKey
Authorization: SECR_MYBUSINESSID_nR2duCGXlqWSuYJF
Content-Type: application/json
  • clientId: your client’s unique identifier that we provide you during the initial onboarding request.

Once you submit this request, you will receive a response as follows.

HTTP/2 200 OK
Content-Type: application/json
[
	{
		"enabled": true,
		"keyID": "SECR528792",
		"hmacEnabled": false,
		"permittedOperations": [
			"POST/paymentRequest",
		  "POST/paymentRequest/refund"
		]
	},
	{
		"enabled": true,
		"keyID": "SECR589741",
		"hmacEnabled": true,
		"permittedOperations": [
			"POST/paymentRequest",
		  "POST/paymentRequest/refund",
		  "POST/balanceAdjustment",
			"POST/paymentAgreement/changeStatus",
			"POST/paymentAgreement/amendment",
			"POST/paymentInitiation/search",
			"POST/paymentInitiation/refund",
			"POST/paymentAgreement/search",
			"POST/paymentAgreement",
			"POST/paymentInitiation"
		]
	}
}

Note: the secret value will never be returned as Azupay does not store the API keys for security reasons

Using the API Key ID

If you only want to retrieve information about a specific API Key, issue the following API call:

GET https://api-uat.azupay.com.au/v1/client/{clientId}/apiKeys/{apiKeyId}
Authorization: SECR_MYBUSINESSID_nR2duCGXlqWSuYJF
Content-Type: application/json
  • clientId: your client’s unique identifier we provide you during the initial onboarding request.
  • apiKeyId: the ID provided when the API Key was generated via the API or from the dashboard.

Once you submit this request, you will receive a response like the following.

HTTP/2 201 Created
Content-Type: application/json
{
	"keyID": "SECR528792",
	"hmacEnabled": true,
	"enabled": true,
	"permittedOperations": [
		"RestAPI/POST/paymentRequest",
	  "RestAPI/POST/paymentRequest/refund"
	]
}

Disabling and Re-enabling an API Key

To disable an API Key, issue the following API call:

PATCH https://api.azupay.com.au/v1/client/{clientId}/apiKey
Authorization: SECR_MYBUSINESSID_nR2duCGXlqWSuYJF
Content-Type: application/json
{
  "enabled": flase
}

This is a very simple request message. Now let's have a look at what you submitted:

  • clientId: your client’s unique identifier that we provide you during the initial onboarding request.
  • apiKeyId: the ID provided when the API Key was generated via the API or from the dashboard.
  • enabled: Indicates whether the API key is currently active. Set to false to disable it.

Once you submit this request you will receive a 204 response (with no body)

If you need to re-enable the API Key again, use the same request as above but set enabled to true

Updated about 13 hours ago