Managing your account

Now that you've finished the basics of integrating Openfort into your website, here are few of the account features and processes you'll probably want to understand:

  • Livemode and testing
  • API Keys

Livemode and testing

Every account is divided into two universes: one for testing, and one for running on your live website. All API requests exist in one of those two universes, and objects in one universe cannot be manipulated by objects in the other.

In test mode, transactions don't go through the mainnet network — instead, they go through simple checks in Openfort to validate that they look like they might be valid transactions. In test mode you can use any combination of data that passes these simple checks.

API keys

You'll need to authenticate your requests to access any of the endpoints in the Openfort API. In this guide, we'll look at how to get an API key.

Secret and publishable keys

All accounts have a total of four API keys by default—two for test mode and two for live mode:

  1. Test mode secret key: Use this key to authenticate requests on your server when in test mode. By default, you can use this key to perform any API request without restriction.
  2. Test mode publishable key: Use this key for testing purposes in your web or mobile app’s client-side code.
  3. Live mode secret key: Use this key to authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
  4. Live mode publishable key: Use this key, when you’re ready to launch your app, in your web or mobile app’s client-side code.

Testing and development:
Use only your test API keys for testing and development. This ensures that you don’t accidentally modify your live accounts.

Type Value When to use
Secret

On the server-side: Must be secret and stored securely in your web or mobile app’s server-side code (such as in an environment variable or credential management system) to call Openfort APIs. Don’t expose this key on a website or embed it in a mobile application.

Publishable

On the client-side: Can be publicly-accessible in your web or mobile app’s client-side code (such as checkout.js) to securely collect payment information.

Reveal an API secret key for test mode

Openfort APIs use your secret key to authenticate requests from your server. To find your API secret key for test mode:

  1. Open the API keys page.
  2. Under Standard keys, in the Secret key row, click Reveal test key and save the value.