Xendit logo

xendit docs


Xendit API allows developers to access the functionality of Xendit. Some example API methods include accepting payments, sending invoices, disbursing funds, and managing account information.

Xendit authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or deleted, Xendit returns an error.

Every account is provided with separate keys for testing and for running live transactions. All API requests exist in either test or live mode.

There are two types of API keys: secret and public

  • Secret API keys should be kept confidential and only stored on your own servers. Your account's secret API key can perform any API request to Xendit without restriction
  • Public API keys are meant to identify your account with Xendit. In other words, they can safely be published in places like your Xendit.js Javascript code or in an Android or iPhone app. Public keys only have the power to create tokens and authentication for Cards

Each account has a total of two keys after registration process: zero secret key and a pair of public key for test mode and live mode.

You have to create secret key before starting to integrate Xendit via API. See example below.

Note: Use only your test API keys for testing and development. This ensures that you don't accidentally create or modify live transactions.

Create API Key

  1. Visit Xendit Dashboard > Settings > Securityapi
  2. In API Keys - Secret section, click “Create Key” to create new API key. You'll be redirected to a page to configure your key.api
  3. Please assign name to the key. There is no character limit for your key name.
  4. Assign permission(s) to the key. This allows only the minimum level of access that the service needs while protecting account data it doesn't need
  5. You can save your changes when you are done and new key will be shown in the API Keys section and it can be used immediatelyapi
  6. You can edit either the key name or permission(s) to fit your need

Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission

Obtaining your API Keys

  1. Visit Dashboard > Settings > Security
  2. In API Keys - Secret section, Click "View Secret Key" to reveal your secret keyapi
  3. You'll be asked to input your password when viewing the key. Xendit log any API key activities including viewing the key.

Delete API Key

  1. In API Keys - Secret section, click “Delete” on the key that you want to delete
  2. A confirmation page will show up to confirm your action
  3. Click “Cancel” to dismiss your action or click "Delete" to delete the key
  4. api
  5. Note: Once deleted, you will be unable to perform any more actions with the key

Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission

Keeping Your Keys Safe

Your secret API key can be used to make any API call on behalf of your account. You should only grant access to your API keys to those that need them. You should remove your API key if you are no longer required it, especially for customers who are using only Dashboard to process transactions. If an API key is compromised, delete the key in Dashboard to block it and create a new one.


Do you have any idea or feedback to improve this feature? We're always happy to hear from you. Shoot us an email or chat to us in live chat.