API keys

Manage your API keys to authenticate requests with Affirm.

Affirm authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, Affirm returns an error.

Every account is provided with separate keys for testing and for running live transactions. All API requests exist in either test or live mode, and objects in one mode cannot be manipulated by objects in the other.

There are also two types of API keys: public and private.

  • Public API keys are meant solely to identify your account with Affirm, they are not private. In other words, they can safely be published in places like your Affirm.js JavaScript code, or in an Android, or iPhone app. Public keys only have the power to create tokens.
  • Private API keys should be kept confidential and only stored on your own servers. Your account’s private API key can perform any API request to Affirm with some restrictions.

Each account has a total of four keys: a public and private key pair for test mode and live mode.

Retrieve your API keys

Your API keys are available in the Merchant Portal.


Use only your test API keys for testing and development. This ensures that you don't accidentally modify your live charges.

If you do not have access to the Dashboard, you may contact your Affirm account’s owner and request to be added.

Sandbox and live modes

The test and live modes function almost identically, with a few necessary differences:

In test mode, payments are not processed by card networks or payment providers, and only our test payment information can be used.

Related topics