API Keys

API keys are required to authenticate requests with Affirm. This guide provides an overview of private and public API keys.

Overview

Affirm authenticates your API requests using your account’s API keys. If you don’t include your key when making an API request or if you use an incorrect or outdated key, Affirm returns an error.

Every account is provided with four API keys:

  • A public key and private key for testing (Sandbox).
  • A public key and private key for running live transactions (Production).

All API requests exist in either testing mode or live mode. Objects in one mode can’t be manipulated by objects in the other mode.

Public API keys identify your account with Affirm. They can safely be published in places like your Affirm.js JavaScript code, or in an Android or iPhone app. Public keys can only create tokens.

Private API keys should be kept confidential and only stored on your own servers. Your account’s private API keys can perform any API request to Affirm with some restrictions.

Retrieve Your API Keys

You can find all four of your API keys in the Merchant Dashboard:

Screenshot of sandbox API keys in the merchant dashboard Screenshot of Production API keys in the merchant dashboard

For details, see Understanding the Merchant Portal: API Keys. If you don’t have access to the Merchant Dashboard, we recommend contacting the owner of your Affirm account to request access.

❗️

Use only your test API keys for testing and development. This ensures that you don't accidentally modify your live charges.

Sandbox and Live Modes

The test and live modes function almost identically, with a few necessary differences.

In test mode, payments aren't processed by card networks or payment providers, and only our test payment information can be used.

Recommended Topics