API Security

API Key

Xendit provides API keys for you to authenticate and authorize your API requests. Users can only see the issued API key once right after generation. Users can also restrict their API key access to minimize the attack surface. Finally, Xendit provides users the way to delete API key in Dashboard when something unexpected happened (with authentication to confirm action)

Screen to generate API key with configurable permissions

IP Whitelist

Whitelist your server's IPs to secure server-to-server communication between you and Xendit. Non-registered or suspicious IPs will be blocked by Xendit. Register up to 10 IPs in Settings > Developers > IP Whitelist in Dashboard

IP Whitelist