Guides
Go to payrails.com
Start typing to search…

API credentials

Create and manage your API credentials to communicate with Payrails.

Introduction

API credentials for your merchant account are created and managed in the Payrails Portal. Obtaining a Client ID and Client Secret, are essential for integrating and interacting with the Payrails API in your application.

Prerequisites

You need to have the organization-admin or organization-developer role (roles & permissions) to access API-credential from the organization context (organization).

In case you're using our Sandbox mode, please ask our team to provide you with the API credentials for testing.

Obtaining API Credentials from the Portal

  1. Login to your Payrails Portal (https://<merchant name>.payrails.io)
  2. Navigate to the API Credentials Page in the Organization context
  3. Create API Credentials
    1. On the API credentials page, click the "Create credentials" button in the top right
    2. Provide a name for your API credentials
    3. Click on the "Create" button
  1. Retrieve Client ID and Client Secret
    1. After creating credentials, you will be redirected to a new screen displaying the Client ID and Client Secret.
    2. Important: Copy both the Client ID and Client Secret immediately.
    3. Note: The Client Secret is revealed only once and will not be displayed again if the page is refreshed.
  1. Use Credentials in Your Application
    1. Integrate the copied Client ID and Client Secret into your application that will be using the Payrails API.

Rotating API Secret

  1. Navigate to API Credentials Page in the Portal
  2. Select API Key to Rotate
  3. Rotate API Secret
    1. Click on the "Rotate" button for the selected API key.
    2. Confirm the rotation action.
  4. Retrieve New Client Secret
    1. After rotation, the previous Client Secret becomes invalid immediately.
    2. Copy the new Client Secret as it will only be displayed once.
  5. Update Your Application
    1. Save the newly rotated Client Secret.
    2. Update your application with the new Client Secret to ensure uninterrupted access to the Payrails API.

Important Notes

  • API keys should be as restrictive as possible. Internally, keep track of which systems/users have access to it.
  • Pay attention to the one-time display of the Client Secret during the creation and rotation process.
  • Ensure to update your application immediately with the new Client Secret to avoid any disruption in API access.
  • The previous Client Secret becomes invalid once rotated and should not be used for further API requests.
  • Once an access token is generated the standard TTL is 1 hour after which a token has to be regenerated
  • There are no upper limits for generating an access token. You can generate as many as necessary for a given API key

Updated 3 months ago