Some API requests require some authorisation to either access data or send fund


All APIs that return an error: Unauthorised API access requires you to include the secret key in the header.

  1. Collection of funds API requests only require the public key. The secret key should not be included in the header.

  2. Sending of funds API requests require both the public and secret key. The secret key must be included in the header.

API Keys

Applications keys are what uniquely identifies your merchant account when integrating. Service delivery and issue resolution are all dependent on these keys.

When you create a DusuPay account, you are given two kinds of keys:

  1. Public Key: This is a unique identifier of your merchant account. It is required to make every API request to the platform

  2. Secret Key: This is a unique identifier of your merchant account. It is required to make every API request to the platform

Both the Public and Secret Key have to be included in the API request where authentication is mandatory.

Generating Keys

If you haven't generated your Application keys already, the button to generate them will display on your account dashboard as soon as you select your merchant account at login.

Retrieving Keys

If you have already generated them:

  1. Click settings from the side menu of your account.

  2. Go to API Settings and you will see your public key.


We do not display your secret key under your account because we do not store it in plain text. Once you have generated it on request, we encrypt and store only the encrypted version of it. When you later include it in your authenticated API requests, we encrypt the one you send us and compare it with the encrypted version stored on our side.

Regenerating Keys

To re-generate your keys, you will need to go to > settings > API Settings under your merchant account > Click the edit(pencil icon) button > Click Generate Button

Only the secret key will be re-generated and replaced with the older one. You must copy the newly generated key all the time before clicking the green save button as you will not be able to see it again. You will need to re-generate a new one whenever it's misplaced or compromised since it's used as the API password to your merchant account during API request authentication.

Last updated