Credentials
OxPay uses API Keys and optional integrity Sign Keys to authenticate and authorize API requests.
- API Keys identify your application
- Sign Keys help verify message integrity when enabled
How to Get Your API Credentials
- Log in to the OxPay Merchant Portal
- Navigate to Configurations
- Navigate to API Keys
- Click Add New Key
- Select Merchant Name
- Select Read and Create
- Click Save
- A text file will be downloaded to your local PC
API Key
What is it?
The API Key tells OxPay that the request is coming from your business.
You can think of it like a membership card number that identifies your company.
Sign Key
What is it?
The Sign Key adds an extra layer of security by ensuring payment details are not changed while being sent to OxPay.
You can think of it like a tamper-proof seal on an envelope.
Simple Example
- Your system prepares a payment request (amount, order number, etc.)
- It creates a digital seal using the Sign Key
- OxPay checks the seal when it receives the request
If the details were changed, OxPay will reject the request.
Example Flow (End-to-End)
Here is a simple overview of what happens during a payment:
- A customer makes a payment on your website or app
- Your system sends payment details to OxPay
- The API Key is included in the request headers
- The Sign Key is included in the request to provide data verification
- OxPay processes the payment and sends back the result
ℹ️ You do not need to manually perform these steps — they happen automatically.