Some API requests require some authorisation to either access data or send fund
All APIs that return an error: Unauthorised API access requires you to include the secret key in the header.
Collection of funds API requests only require the public key. The secret key should not be included in the header.
Sending of funds API requests require both the public and secret key. The secret key must be included in the header.
Applications keys are what uniquely identifies your merchant account when integrating. Service delivery and issue resolution are all dependent on these keys.
When you create a DusuPay account, you are given two kinds of keys:
Public Key: This is a unique identifier of your merchant account. It is required to make every API request to the platform
Secret Key: This is a unique identifier of your merchant account. It is required to make every API request to the platform
Both the Public and Secret Key have to be included in the API request where authentication is mandatory.
If you haven't generated your Application keys already, the button to generate them will display on your account dashboard as soon as you select your merchant account at login.
If you have already generated them:
Click settings from the side menu of your account.
Go to API Settings and you will see your public key.
We do not display your secret key under your account because we do not store it in plain text. Once you have generated it on request, we encrypt and store only the encrypted version of it.
When you later include it in your authenticated API requests, we encrypt the one you send us and compare it with the encrypted version stored on our side.
To re-generate your keys, you will need to go to > settings > API Settings under your merchant account > Click the edit(pencil icon) button > Click Generate Button
Only the secret key will be re-generated and replaced with the older one.
You must copy the newly generated key all the time before clicking the green save button as you will not be able to see it again.
You will need to re-generate a new one whenever it's misplaced or compromised since it's used as the API password to your merchant account during API request authentication.