Authentication
Overview
To interact with the Checkout API, you need to authenticate your requests using your API integration keys. These keys ensure that your payments are securely linked to your business.
How authentication works
You can find your secret key in the Yoco App, on the Yoco payment gateway page after signing up.
The secret key should be included in the header of the API request using
bearer authentication
and the Authorization
header.
To do this, prepend Bearer
to the secret key and insert it into the
Authorization
header:
- Use your Test secret key (
sk_test_...
) for testing and development. - Use your Live secret key (
sk_live_...
) for real transactions in production.
Never expose your secret key in client-side code or public repositories. Keep it secure on your server.
Test mode
Test mode allows you to test your integration without the risk of affecting real transactions or moving actual money.
To enable test mode, use your Test secret key in the Authorization
header.
In test mode, the processingMode
field in the Checkout object is set to test
.
This field is included in the response for checkout creation.
To complete a test payment, use our provided test card details.
- Your test transactions will not appear in your Sales History.
- Refunds are not supported for transactions made in test mode.