API ReferenceSign In

Quick Start

Last updated 08/26/2020
  1. Login to Xendit Dashboard. Register here if you do not have an account.

  2. To start testing/processing payment to Xendit, you'll need to create and obtain your Secret API key

    1. Make sure you have Admin or Manage Tech Settings permissions before going forward. You can check your permission in Team Member settings
    2. Navigate to API keys settings in Xendit Dashboard
    3. In Secret keys in API Keys section, click Generate secret key to generate your secret key
    4. A pop-up will be prompted to configure your API key name and permission.
      It is highly recommended to keep the API key permission as strict as possible, meaning if you will only use one specific product, we recommend you to create API key that only have the permission of the product you're going to use.
      This restriction ensures safeguard to other products that you don't use in an unfortunate case when your API key is compromised
    5. Click Generate Key
    6. Your secret API key will be shown in the pop-up. You can Copy or Download the key.
      The key will only be displayed once in this pop up and will not be able to be viewed again after the pop up has been closed.
      You can generate new API key anytime when you need to.
    7. You can edit API key name and permissions and also delete API key when you need to
  1. You'll also need to setup callback to receive notification via API from Xendit when there are new data available ie payments data

    1. Set up your server to listen to our callback request. You can use a tool like ngrok to make your endpoint available for receiving callback
    2. Navigate to Callback settings in Xendit Dashboard
    3. In Callback section, find the product you are integrating with under Callback URL section and save your callback URL there
    4. Xendit will attach x-callback-token header in callback request. x-callback-token is a callback token that will allow you to identify Xendit in the callback request. Your x-callback-token value can be found in Callback verification token section inCallback settings
    5. Our server will send callback when there is an event of new data. If your server is under maintenance or down, our system will retry the callback automatically and will stop retrying if we didn't receive any response 3 times
    6. If you don't receive callback, you can find the callback manually in Dashboard and resend them. You can do this by visiting Callback tab in Dashboard.
    7. You can also receive summary of your callback statistics (success and failure) via email every 6 hours. You can enabling the feature in Email Recipient settings section.
  1. Block unauthorised request from unrecognised IP Address by whiteliting your server IP Address

    1. Navigate to IP Whitelist settings in Xendit Dashboard
    2. In IP Whitelists section, Add IP Address to whitelist your server IPs. You can find your IP address by using What's My IP
Was this page helpful?
Yes No