Key Management

There are 5 different types of API keys, and 2 types of Terminal keys. All API key types has in common that there are a public and a private keyset of each key. It is easy to identify if you are using a private or public key based on the key itself. A private key look like this private_NcJLSUopVNjr8LagML2i6D9h and a public key look like this public_WavQYR5QWUwQavPFWjQR5733


Private and Public keys?

Private keys are user for server-to-server communication. In general places where customers can not see your key. (private places)

Public keys are non-secret keys that only identifies your account, and are used in the public domain, such as in JavaScripts, iOS and Android SDKs etc. In general places where customers may see your key. (public places)

The API spec will tell you which key to use and let you know if you are using the wrong key.

Key TypeFor who?
MerchantApiKey aka Merchant Root KeyMerchants
TerminalApiKeyPOS Terminals
VendingApiKeyVending Machines Telemetry
TenantApiKeyFor platform operators

MerchantApiKey (Merchant Root Key) and SalesChannelApiKey's are always generated automatically and can be accessed and rolled by the merchant in the Dashboard.

TerminalApiKey and VendingApiKey are generated automatically when needed, and can be accessed and rolled by the merchant in the Dashboard.

TenantApiKey is generated by request only, and sent via a special encrypted system. TenantApiKeys can't be recovered if lost. But they can be rolled. Contact your account manager if you need this key

SRED DUKPT Keys and PIN DUKPT Keys are only retrieved via the API in the remote_key_injection endpoint. Those keys are encrypted under other keys and instantly becomes invalid once they have reached the terminal.


Did you post your private key in the public domain by mistake - or had an employee with key access leaving?

Login to your Dashboard an find the key that you "lost". Merchant keys are located in the merchant settings are and sales channel keys in sales channel settings. On each place you will find a function which lets you roll the key. You can choose to roll immediately or issue a new key and let the old key be valid for another 12 hour so you have time deploying the new key. Choose wisely depending on your situation.