There are 5 different types of API keys, and 2 types of Terminal keys. All API key types has in common that there are a public and a private keyset of each key. It is easy to identify if you are using a private or public key based on the key itself. A private key look like this
private_NcJLSUopVNjr8LagML2i6D9h and a public key look like this
Private and Public keys?
Private keys are user for server-to-server communication. In general places where customers can not see your key. (private places)
The API spec will tell you which key to use and let you know if you are using the wrong key.
MerchantApiKey aka Merchant Root Key
Vending Machines Telemetry
For platform operators
SRED DUKPT Keys
POS Terminals E2EE
PIN DUKPT Keys
POS Terminals PIN
MerchantApiKey (Merchant Root Key) and SalesChannelApiKey's are always generated automatically and can be accessed and rolled by the merchant in the Dashboard.
TerminalApiKey and VendingApiKey are generated automatically when needed, and can be accessed and rolled by the merchant in the Dashboard.
TenantApiKey is generated by request only, and sent via a special encrypted system. TenantApiKeys can't be recovered if lost. But they can be rolled. Contact your account manager if you need this key
SRED DUKPT Keys and PIN DUKPT Keys are only retrieved via the API in the
remote_key_injection endpoint. Those keys are encrypted under other keys and instantly becomes invalid once they have reached the terminal.
Did you post your private key in the public domain by mistake - or had an employee with key access leaving?
Login to your Dashboard an find the key that you "lost". Merchant keys are located in the merchant settings are and sales channel keys in sales channel settings. On each place you will find a function which lets you roll the key. You can choose to roll immediately or issue a new key and let the old key be valid for another 12 hour so you have time deploying the new key. Choose wisely depending on your situation.