Authentication

Overview

To interact with the Checkout API, you need to authenticate your requests using your API integration keys. These keys ensure that your payments are securely linked to your business.

How authentication works

You can find your secret key in the Yoco App, on the Yoco payment gateway page after signing up.

The secret key should be included in the header of the API request using bearer authentication and the Authorization header.

To do this, prepend Bearer to the secret key and insert it into the Authorization header:

1Authorization: Bearer <secret-key>
  • Use your Test secret key (sk_test_...) for testing and development.
  • Use your Live secret key (sk_live_...) for real transactions in production.

Never expose your secret key in client-side code or public repositories. Keep it secure on your server.

Test mode

Test mode allows you to test your integration without the risk of affecting real transactions or moving actual money.

To enable test mode, use your Test secret key in the Authorization header.

In test mode, the processingMode field in the Checkout object is set to test. This field is included in the response for checkout creation.

To complete a test payment, use our provided test card details.

  • Your test transactions will not appear in your Sales History.
  • Refunds are not supported for transactions made in test mode.