Test Mode vs Live Mode
There are two "modes" of operation for your Transflo account:
Live Mode: Real money, real transactions, real effects. Only switch to this after you've tested your integration thoroughly.
Test Mode: No real money is involved. We'll still send webhooks, and most of the API functions the same.
API keys
It can authorize any action on your account, so it should never be exposed to the public.
To get your keys:
- Log in to your Transflo dashboard
- Navigate to Settings
- Select API keys from API & Webhook section to view and copy your keys
Don't take any chances
If you think your keys may have been compromised (for instance, you accidentally committed them to Git), you should immediately generate new ones using the Generate new keys button on the Settings> API & Webhook page on your dashboard. This will invalidate all existing keys and give you a new set, and you can then update your app to use the new ones.
Authorizing API calls
All API calls on Transflo are authenticated. API requests made without authorization will fail with the status code 401: Unauthorized.
Your api key can perform any actions on your Transflo account without restriction. It should be kept confidential and only stored on your servers, preferably as an environment variable. It should not be included in your Git repository or front-end JavaScript code.
To authorize API calls from your server, pass your API key as a bearer token. This means passing an Authorization header with a value of "Bearer: {secret_key}".