To understand what an API public key is, we first have to understand what an API is. After that, we will explain what an API public key is.

What is an API?

Technically, API stands for Application Programming Interface. Most large companies that have built APIs have built them for their customers or for internal use.

To the browser (Chrome, Firefox, Safari, etc.), also known as the client, a website’s server, for example, is an API. This means that every time you visit a page on the Web, you interact with some remote server’s API. An API isn’t the same as the remote server; rather, it is the part of the server that receives requests and sends responses. For users, APIs allow them to complete an action without leaving your website.

API Key – What is an API Key?

An API key or application programming interface key is a code that gets passed in by computer applications. The program or application then calls the API or application programming interface to identify its user, developer or calling program to a website. Application programming keys are normally used to assist in tracking and controlling how the interface is being utilized. Often, it does this to prevent abuse or malicious use of the API in question. An API key can act as a secret authentication token as well as a unique identifier. Typically, the key will come with a set of access rights for the API that it is associated with.

API keys are used with projects, while authentication is designated for the users. Cloud Endpoints will, in many cases, handle both the authentication procedures as well as the API keys. The differentiating factor between the two is:

  • Authentication tokens are used to identify the users, i.e., the person who is using that particular website or application.
  • API keys are used to identify the project making the call. This can either be the website or the application that is making the call to the application programming interface.

An API key and secret are practically a username and password, but they are rarely in human-readable form because they are used by other programs to log in to your application rather than by humans.

So they are long and random-looking, but they are username and password pairs regardless.

Public and private key encryption is a whole different dimension.

Think of public-private key pairs as a lock that has two keys, blue and red. If you lock it with blue, you can only open with red, and if you lock with red, you can only open with blue.

The Public Key is what its name suggests – Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner.

In that sense, public-key encryption is actually quite symmetric. It’s only called public-private because of how we use it: we keep the red key in our pocket, make copies of the blue key and pass them around, so anyone can lock boxes coming to us, and only we can open them.

So that means that API owners such as Paystack, for example, create a copy of the public key for all their customers who want access to their API, but keep the private key themselves. As such, no public key can decrypt another public key; rather, the information passed to the API stays secured until it gets to Paystack’s server and is decrypted using the private key.

What is the Callback URL?

The callback URL is the web address to which you want your customers to be redirected after a successful payment is made. This could be your social media page or your website; you can even redirect them to send you a message on WhatsApp! If you would like to set up a callback URL, simply paste the link in the appropriate callback URL field.


What is the Webhook URL?

A Webhook is a link on your server to which Paystack sends information for successful transactions that go through your account. This is important in cases where, for example, a customer doesn’t get redirected to your callback URL after a successful transaction. In this case, our server sends your webhook URL a notification so you can provide value. If you would like to set up webhooks, simply paste the link on your server in the appropriate webhook URL field.
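Because the webhook URL is a public address, your server should confirm that a notification really came from Paystack before providing value. The sketch below is an added example, not code from this page or from Paystack: it checks the HMAC-SHA512 signature Paystack sends in the `x-paystack-signature` header (keyed with your secret key) and ignores repeated notifications. The header, event and field names are Paystack's webhook format and do not appear on this page; the secret key, payload and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed secret key for the example; a real one comes from the Dashboard.
SECRET_KEY = b"sk_test_constructed_example_key"


def sign(body: bytes, secret: bytes = SECRET_KEY) -> str:
    """Hex HMAC-SHA512 of the raw request body, keyed with the secret key."""
    return hmac.new(secret, body, hashlib.sha512).hexdigest()


def handle_webhook(headers: dict, body: bytes, seen: set) -> tuple:
    """Return (http_status, action) for one incoming webhook request.

    `headers` is assumed to have lower-cased names; `seen` holds the
    transaction references that have already been fulfilled.
    """
    sent = headers.get("x-paystack-signature", "").strip().lower()
    expected = sign(body)
    # Verify over the raw bytes received, before any JSON parsing, and in
    # constant time so the comparison leaks nothing through timing.
    if not hmac.compare_digest(expected.encode(), sent.encode("utf-8", "replace")):
        return 401, "rejected: bad or missing signature"
    event = json.loads(body)
    if event.get("event") != "charge.success":
        return 200, "ignored"
    reference = event["data"]["reference"]
    # The same notification can arrive more than once; provide value once.
    if reference in seen:
        return 200, "duplicate"
    seen.add(reference)
    return 200, "fulfilled " + reference


if __name__ == "__main__":
    # Constructed sample notification.
    body = b'{"event": "charge.success", "data": {"reference": "ref_demo_001"}}'
    seen = set()
    genuine = {"x-paystack-signature": sign(body)}
    print(handle_webhook(genuine, body, seen))   # genuine notification
    print(handle_webhook(genuine, body, seen))   # the same one delivered again
    print(handle_webhook({}, body, seen))        # no signature header
```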

How do I get a new secret key?

  1. On your Dashboard, go to the settings page and click on ‘API Keys & Webhooks’.
  2. Underneath both your live and test secret keys, you will see the option to ‘Generate new secret key’. Click on this.
  3. When you select this, you have the option to choose when your old key expires and provide a password to complete the process. Once you’re done, hit ‘Generate new secret key’.

Paystack will deactivate your old secret key based on the time you specify; however, you will get your new key immediately.

Who can generate new API keys?

Only admins and the main owner of the business are able to generate new API keys. Every change made to your API keys will be recorded on your audit logs.

APIs make it possible for programs to communicate and share data with each other efficiently. In our case, Paystack’s APIs allow your website to communicate and share data with Paystack’s server.

Because APIs allow our server to share data with your website when you make a request, we need to be able to confirm that you are the one making the request through your website. This is where API Keys come into play. When your website sends or requests data from Paystack servers, it needs to send them along with the API Keys from your Dashboard, else the request will be denied.
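To make the key check and the rotation steps above concrete, here is an added sketch (not Paystack's implementation and not code from this page) of how an API server can deny requests without a valid key while still honouring an old key until the expiry time chosen during rotation. `KeyStore`, its methods and the `sk_test_` key format are hypothetical names chosen for the example.

```python
import hashlib
import hmac
import secrets
import time


def fingerprint(key: str) -> bytes:
    """The server stores only a SHA-256 digest of each key, never the key."""
    return hashlib.sha256(key.encode()).digest()


class KeyStore:
    """Hypothetical server-side store for one project's secret keys."""

    def __init__(self):
        self.keys = []  # entries are [digest, expires_at]; None means current

    def issue(self, old_key_lifetime: float = 0.0, now: float = None) -> str:
        """Create a new key; the current key expires old_key_lifetime seconds from now."""
        now = time.time() if now is None else now
        for entry in self.keys:
            if entry[1] is None:
                entry[1] = now + old_key_lifetime
        key = "sk_test_" + secrets.token_hex(20)  # long and random, not human-chosen
        self.keys.append([fingerprint(key), None])
        return key  # shown to the owner once, usable immediately

    def authorize(self, presented: str, now: float = None) -> bool:
        """Accept a request only if it carries a known key that has not expired."""
        now = time.time() if now is None else now
        digest = fingerprint(presented or "")
        ok = False
        for stored, expires_at in self.keys:
            live = expires_at is None or now < expires_at
            # Constant-time comparison; every entry is checked to keep timing flat.
            ok |= hmac.compare_digest(stored, digest) and live
        return ok


if __name__ == "__main__":
    store = KeyStore()
    old = store.issue(now=1000.0)
    new = store.issue(old_key_lifetime=3600.0, now=2000.0)  # rotate, 1 hour grace
    print(store.authorize(new, now=2000.0))   # new key works at once
    print(store.authorize(old, now=5599.0))   # old key still inside its window
    print(store.authorize(old, now=5600.0))   # old key now denied
```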
