API Authentication

INTEGRATION TOOLKIT

Try our Integration

Most APIs in this integration require authentication. The only exception is the /orders/sessions API, which does not require any authentication and can be safely done from the browser as well.

Merchant Authentication

  • The standard authentication for merchants uses two specific headers x-client-id and x-client-secret. Please pass your appId and secretKey in these fields. (see the screenshot below to access these from the dashboard)
  • Please ensure that your secret key is securely placed and cannot be accessed by anyone.
  • Also never call any API which requires authentication from the client as that would require you to expose the secret key to the client.

Below is a curl request which shows how to pass these headers in the API call.

curl --request {REQUEST-TYPE} \
  --url https://sandbox.cashfree.com/pg/{resource} \
  --header 'Content-Type: application/json' \
  --header 'x-api-version: 2023-08-01' \
  --header 'x-client-id: <YOUR_APP_ID>' \
  --header 'x-client-secret: <YOUR_SECRET_KEY>'
  ...
  ...

Generate and View API Keys

To access API keys,

  1. Go to Payment Gateway Dashboard > and click on Developers icon in the right navigation or click Developers on the top right of the merchant dashboard.
  2. Click API Keys under Payment Gateway.
    In the test environment, API keys will be auto-generated. In the production environment, click Generate API Keys and complete the OTP authentication to generate the keys. However, you will be able to generate production API keys only after your Payment Gateway product is activated.
  3. Once generated, the API keys are shown in a masked format. To view the full set of keys, click the ellipsis icon and select View API Key. In the production environment, you would be required to do OTP authentication to view the keys. You can download the API keys if required.
3456

View API Keys

๐Ÿ“˜

  1. Only one API key pair can be generated at a time.
  2. Once you generate the keys from the dashboard, secure them in a folder. If it is lost, you need to re-generate them from the dashboard.
  3. Do not share your API key with anyone.

Partner Authentication

To use Payment Gateway APIs for Partner Auth integration, x-partner-apikey and x-partner-merchantid is required instead of the x-client-id and x-client-secret headers. Partners must use the following headers:

  • x-partner-apikey: This is the common API Key generated and unique for each Partner
  • x-partner-merchantid: This is the unique merchant ID for each merchant associated with the Partner.
    The view the merchant ID for each merchant, login to your Cashfree Partner Dashboard with your partner login credentials > go to the Merchants section, and copy the Merchant ID of the respective merchant.

Click here to know how to generate partner authentication keys.

Sample Curl request for Create Order API is available below:

curl --request POST \
    --url https://sandbox.cashfree.com/pg/orders \
    --header 'accept: application/json' \
    --header 'content-type: application/json' \
    --header 'x-api-version: 2023-08-01' \
    --header 'x-partner-apikey: <insert partner api key>' \
    --header 'x-partner-merchantid: <insert merchant id>' \
    --data '
{
    "order_id": "string",
    "order_amount": 10,
    "order_currency": "INR",
    "customer_details": {
    		"customer_id": "7112AAA812234",
    		"customer_email": "[email protected]",
    		"customer_phone": "9908734801"
    },
    "order_meta": {
    		"return_url": "https://b8af79f41056.eu.ngrok.io?order_id={order_id}",
    		"notify_url": "https://b8af79f41056.eu.ngrok.io/webhook.php"
    },
    "order_expiry_time": "2021-07-29T00:00:00Z",
    "order_note": "Test order",
    "order_tags": {
    		"additionalProp": "string"
    },
    "order_splits": [
        {
           "vendor_id": "Vendor01",
           "amount": 5
         }
    ]
}
'