Xendit authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or deleted, Xendit returns an error.
Every account is provided with separate keys for testing and for running live transactions. All API requests exist in either test or live mode.
There are two types of API key:
Each account has a total of two keys after registration process: a pair of public key for test and live mode. You'll have zero secret key when you start. This default setup is to prevent secret key being compromised for customers who are not integrating with Xendit using API. You can create or delete key according to your needs in Dashboard.
Note: Use only your test API keys for testing or development. This ensures that you don't accidentally create or modify live transactions.
Each API key has permission of a product that you can configure. There are three types of API key permission
API Keys page