Payouts depend on the collection method and provider specified when initiating API collection requests
Both the secret and public keys are required to make a payout request. You can always generate a new secret key whenever it gets compromised.
The merchant account can only have one set of keys and therefore when you generate a new secret key, we replace the old one.
Note that, the old key is only replaced when you click the save button on the form where you get displayed the new secret key. Always make sure you click the save button after you have copied the newly generated secret key.
For your account balance security purposes, we require you to white list all the IP addresses where the payout API requests will be initiated from. This is an extra layer of security that helps just in case the API keys have been compromised on your side. This could help safeguard your funds.