Appearance
Auth
Magma OnePay API V1
Magma OnePay API V1 allows your app to interact with our payment/transfer platform. This guide will help you set up and manage your API keys, understand different operating modes, and use the keys properly for secure transactions.
Understanding Secret Key
The secret key is a string of at least 40 characters that you must define yourself when filling out the API Key (private key) generation form. It must contain letters, numbers, and special characters from the following list: @$!%*#?&-_ .
Understanding API Keys
API keys are the "passwords" that let your application access Magma OnePay API V1. Keep these keys private to maintain the security of your transactions. You can manage these keys from your Dashboard. Note that sharing these keys in public places like GitHub or in client-side code is not recommended due to security risks.
Getting API Keys
You can generate your API keys by logging into your account and navigating to the Dashboard. If you encounter any issues while generating them, please contact the account owner, as they may need to grant you additional permissions.
Once an API key is generated, make sure to store it securely. For security reasons, it will not be displayed again on the dashboard.
API keys work in conjunction with the secret key. An API key is useless without the secret key, and likewise, the secret key cannot be used without valid API keys.
API Key Types
There are two API keys that must be explicitly configured and generated by the user via the dashboard:
Secret key: Defined and provided by the user, this key adds an extra layer of security to API calls. It must remain strictly confidential and should only be used on the server side.
Private key: Generated from the dashboard, this key is used to make server-side API calls. It must remain strictly confidential and must never be exposed in client-side code.
⚠️ Environment separation (Sandbox vs Production) API keys generated in the Sandbox environment can only be used for testing purposes and cannot be used in Production. Likewise, Production API keys are strictly reserved for live environments and must not be used in Sandbox.
Make sure to always use the appropriate keys for each environment to avoid authentication errors and potential security issues.
Modes of Operation
Magma OnePay API V1 operates in two modes: test mode and live mode.
- Test mode: Use this mode when you're still developing your app. It simulates API interactions but doesn't process real payments.
- Live mode: Use this mode when your app is ready to process real transactions and accept actual payments.
How to Use Your API Keys
Depending on the mode you are using (test or live), make sure to use the corresponding keys.
Secret key: Defined by the user, this key adds an extra layer of security to API calls. It must be kept confidential and used only on the server side.
Private key: Generated from the dashboard, this key is used to authenticate and perform server-side API calls. It must remain strictly confidential and must never be exposed publicly.
Keep Your API Keys Secure
Your secret API key can perform any transaction on your behalf. To keep it safe:
- Limit access to people who really need it.
- Keep it out of version control systems.
- Use a password manager or a secrets management service to store it.
- Don't include your secret API key in mobile apps or other extractable locations.