Authentication
The authentication process allows you to interact with our API services.
Account environments
Your Notch Pay account has two different modes of operation:
-
Live Mode: This mode involves real transactions with actual money and effects. Prior to switching to this mode, we advise thoroughly testing your integration.
-
Test Mode: This mode does not involve real money and can only make use of our test credentialss. Despite the absence of real money, we still send webhooks and email notifications, and most API functions are retained.
Switching between Live and Test modes is a simple task, facilitated by the toggle button located at the header. Upon toggling between modes, the displayed API keys will swap correspondingly.
All requests made on Notch Pay require an authentication key. The authentication key is available in the merchant's dashboard. If you don't have Notch Pay Business cccount create it now.
API Keys
When a user creates a Notch Pay account, they are provided with three categories of API keys:
-
Public Sanbox key, which is use for test environment.
-
Public key, which is employed for "public" scenarios like in front-end JavaScript code.
-
Private key, which is exclusively used with high risk endpoint sush as transfer. Therefore great caution should be exercised to ensure that it is never exposed to the public.
To obtain your keys, follow these steps:
-
Log in to your Notch Pay dashboard.
-
Select the API Keys option
Authorizing API calls
Every API call made on Notch Pay is duly authenticated. If API requests are made without proper authorization, it will result in a failure with the HTTP status code 401: Unauthorized.
Hey, heads up! Your secret key is super powerful and can basically do whatever it wants on your Notch Pay account. So make sure you keep it confidential and store it only on your servers, preferably as an environment variable. And here's a friendly reminder: don't include it in your Git repository or front-end JavaScript code.
To ensure authorization of API calls from your server, it is necessary to pass your public key as a autorization value. This can be accomplished by passing an Authorization header with a value of "YOUR_PUBLIC_KEY".
For example, an API call could look like.
This endpoint allows you to retrieve your merchant information's.
- Name
Authorization : PUBLIC_KEY
- Type
- Description
Ping
curl --location --request GET 'https://api.notchpay.co' \
--header 'Authorization: PUBLIC_KEY'
Response
{
"code": "200",
"message": "OK",
"greeting": "Hello from Notch Pay",
"merchant": "Shopperlabs",
"env": "production"
}