Authentication
Moyasar's API uses API Keys to authenticate requests.
You can view and manage your API keys in the Moyasar Dashboard.
Sending cardholder data to the merchant backend is prohibited and will result in canceling the agreement between Moyasar and the merchant in addition to the immediate termination of the service.
To solve this issue, Moyasar has implemented the publishable API key a mechanism for the merchant to start payments directly from the frontend or tokenize card payments for later use from the merchant's backend.
The publishable API key is restricted to a single operation only:
- Create Payment
With this restriction, this API key is safe to be shipped into client code like browsers and mobile apps.
The secret API key allows you to perform all operations related to your account.
Unlike the publishable API key, the secret API key must be secret and only used from the merchant backend code.
If for any reason this key is leaked, the merchant is advised to immediately regenerate their API keys through the settings page in Moyasar Dashboard.
Moyasar provides a sandbox environment for testing purposes, Using the test mode doesn't affect your live data or interact with the banking networks. This allows you to test your integration and ensure that everything is working correctly before going live with actual payments.
Test API keys are prefixed with the following keywords:
- pk_test_
- sk_test_
Live API keys on the other hand are prefixed with the following keywords:
- pk_live_
- sk_live_
Authentication to the API is performed via HTTP Basic Auth.
You should send the Basic authentication scheme with the following fields:
- Username: <your_api_key>
- Password: <EMPTY>
The password must be kept empty
All API call must be made over HTTPS, any API call made over HTTP will be rejected.
Here is an example of the List Payments endpoint in different programming languages
You must replace sk_test_123 with your API key.