Key Types Explained
Master Key
The root credential for your institution. Only Super Admins can generate this. Used to bootstrap system identity.
Access Key ID
Public identifier sent in the x-access-key-id header for every API request.
Access Key (Secret)
Private shared secret used to calculate HMAC-SHA256 signatures. Never shared via API; only displayed once on generation.
Auth Code
A business-level token used to segment transactions (e.g., by merchant type or region). Mandatory for all transaction notifications.
Dashboard Actions
Generate New: Immediately invalidates the previous key (if configured without overlap) and provides a new secret.
Revoke / Retire: Permanently disables a key. Use this in case of credential compromise.
Download JWKS: Exports the public key set required for payload encryption (JWE/JWS).
