FedaPay authenticates your requests via the API using the API keys of your account. If you don’t include your key when you make a request, or if you use an incorrect or old key, FedaPay will return an error.

Each account is provided with two keys : one for testing and one for live transactions. All requests through the API exist either in test or live mode, and objects (customers, transactions) in one mode cannot be manipulated by objects in the other mode.

There are also two types of API keys: public and secret.

  • Public API keys are only intended to identify your account with FedaPay, they are not secret. In other words, they can be published safely in places like your JavaScript code, or in an Android or iPhone application. Public keys are only used to create tokens.
  • Secret API keys must be kept confidential and stored only on your own servers. The secret API key of your account can make any API request to FedaPay without restriction.

Get your API keys

Your API keys are available on the dashboard of your account.

API keys

Use only your test API keys for testing and development. It prevents you from editing or deleting your real customers or transactions by mistake.

Secure your keys

Your secret API key can be used to perform an operation on behalf of your account. For example, create transactions or make refunds. You should grant access to your API keys only to those who need them. Make sure they do not appear in any version control system you use.

Regenerate keys

If an API key is compromised, regenerate new keys to block it and make it unusable from your dashboard.

Regenerate your api keys


FedaPay has official libraries for different programming languages and mobile platforms.

The PHP library can be installed via Composer

composer require fedapay/fedapay-php

The NodeJs library can be installed via npm

npm install fedapay
On this page