API Key Setup

Learn how to set up and manage your API keys for secure access to the Gafiapay API.

Getting Your API Keys

To access the Gafiapay API, you'll need to generate API keys from your business dashboard. Follow these steps:

Log into Your Dashboard

Access your Gafiapay business dashboard using your credentials.
Navigate to API Settings

Go to the API Settings section in your dashboard.
Generate New API Key

Click on "Generate New API Key" to create a new key pair.
Save Your Keys Securely

Copy and store your API key and secret key in a secure location. You won't be able to view the secret key again.

API Key Structure

Your API key will be a unique identifier that looks like this:

bash

sbp_live_1234567890abcdef1234567890abcdef

Security Best Practices

Never Share Your Keys
Keep your API keys confidential. Never commit them to version control or share them publicly.

Use Environment Variables
Store your API keys in environment variables or secure configuration files.

Rotate Keys Regularly
Regularly rotate your API keys to maintain security. Generate new keys and update your applications.

Environment Setup Examples

javascript
// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
require('dotenv').config();
const apiKey = process.env.GAFIAPAY_API_KEY;
const secretKey = process.env.GAFIAPAY_SECRET_KEY;

// Example API request
const axios = require('axios');

const headers = {
  'x-api-key': apiKey,
  'x-signature': generateSignature(requestBody, timestamp, secretKey),
  'x-timestamp': Date.now(),
  'Content-Type': 'application/json'
};

const response = await axios.post('https://api.gafiapay.com/api/v1/external/account/generate', requestBody, { headers });

python
# .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

# Usage in your code
import os
from dotenv import load_dotenv
import requests

load_dotenv()
api_key = os.getenv('GAFIAPAY_API_KEY')
secret_key = os.getenv('GAFIAPAY_SECRET_KEY')

# Example API request
headers = {
    'x-api-key': api_key,
    'x-signature': generate_signature(request_body, timestamp, secret_key),
    'x-timestamp': str(int(time.time() * 1000)),
    'Content-Type': 'application/json'
}

response = requests.post('https://api.gafiapay.com/api/v1/external/account/generate', json=request_body, headers=headers)

php
// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
$apiKey = $_ENV['GAFIAPAY_API_KEY'];
$secretKey = $_ENV['GAFIAPAY_SECRET_KEY'];

// Example API request
$headers = [
    'x-api-key: ' . $apiKey,
    'x-signature: ' . generateSignature($requestBody, $timestamp, $secretKey),
    'x-timestamp: ' . round(microtime(true) * 1000),
    'Content-Type: application/json'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.gafiapay.com/api/v1/external/account/generate');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($requestBody));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

ruby
# .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

# Usage in your code
require 'dotenv'
require 'net/http'
require 'json'

Dotenv.load
api_key = ENV['GAFIAPAY_API_KEY']
secret_key = ENV['GAFIAPAY_SECRET_KEY']

# Example API request
uri = URI('https://api.gafiapay.com/api/v1/external/account/generate')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request['x-api-key'] = api_key
request['x-signature'] = generate_signature(request_body, timestamp, secret_key)
request['x-timestamp'] = (Time.now.to_f * 1000).to_i.to_s
request['Content-Type'] = 'application/json'
request.body = request_body.to_json

response = http.request(request)

java
// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
import java.util.Properties;
import java.io.FileInputStream;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;

Properties props = new Properties();
props.load(new FileInputStream(".env"));
String apiKey = props.getProperty("GAFIAPAY_API_KEY");
String secretKey = props.getProperty("GAFIAPAY_SECRET_KEY");

// Example API request
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.gafiapay.com/api/v1/external/account/generate"))
    .header("x-api-key", apiKey)
    .header("x-signature", generateSignature(requestBody, timestamp, secretKey))
    .header("x-timestamp", String.valueOf(System.currentTimeMillis()))
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(requestBodyJson))
    .build();

HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());

Testing Your API Key

You can test your API key by making a simple request to the health check endpoint:

curl

curl -X GET 'https://api.gafiapay.com/v1/health' \
  -H 'x-api-key: your_api_key_here' \
  -H 'x-signature: generated_signature' \
  -H 'x-timestamp: current_timestamp'

Troubleshooting

Invalid API Key Error

If you receive an "Invalid API key" error:

Verify that your API key is correct and complete
Ensure your API key is active in the dashboard
Check that you're using the correct key for your environment (live/test)

Signature Verification Failed

If signature verification fails:

Ensure you're using the correct secret key
Verify that your signature generation algorithm is correct
Check that the timestamp is within the allowed window

API Key Setup

Getting Your API Keys

Log into Your Dashboard

Navigate to API Settings

Generate New API Key

Save Your Keys Securely

API Key Structure

Security Best Practices

Environment Setup Examples

Testing Your API Key

Troubleshooting

Invalid API Key Error

Signature Verification Failed