API Key Setup - Gafiapay API Documentation

Learn how to set up and manage your API keys for secure access to the Gafiapay API.

Getting Your API Keys

To access the Gafiapay API, you'll need to generate API keys from your business dashboard. Follow these steps:

Step-by-Step Guide

Log into Your Dashboard

Access your Gafiapay business dashboard using your credentials.

Navigate to API Settings

Go to the API Settings section in your dashboard.

Generate New API Key

Click on "Generate New API Key" to create a new key pair.

Save Your Keys Securely

Copy and store your API key and secret key in a secure location. You won't be able to view the secret key again.

API Key Structure

Your API key will be a unique identifier that looks like this:

sbp_live_1234567890abcdef1234567890abcdef

Security Best Practices

⚠️ Never Share Your Keys

Keep your API keys confidential. Never commit them to version control or share them publicly.

🔒 Use Environment Variables

Store your API keys in environment variables or secure configuration files.

🔄 Rotate Keys Regularly

Regularly rotate your API keys to maintain security. Generate new keys and update your applications.

Environment Setup Examples

Code Examples

Select your preferred programming language to view the implementation

JavaScript Example

// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
require('dotenv').config();
const apiKey = process.env.GAFIAPAY_API_KEY;
const secretKey = process.env.GAFIAPAY_SECRET_KEY;

// Example API request
const axios = require('axios');

const headers = {
  'x-api-key': apiKey,
  'x-signature': generateSignature(requestBody, timestamp, secretKey),
  'x-timestamp': Date.now(),
  'Content-Type': 'application/json'
};

const response = await axios.post('https://api.gafiapay.com/api/v1/external/account/generate', requestBody, { headers });

Python Example

# .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

# Usage in your code
import os
from dotenv import load_dotenv
import requests

load_dotenv()
api_key = os.getenv('GAFIAPAY_API_KEY')
secret_key = os.getenv('GAFIAPAY_SECRET_KEY')

# Example API request
headers = {
    'x-api-key': api_key,
    'x-signature': generate_signature(request_body, timestamp, secret_key),
    'x-timestamp': str(int(time.time() * 1000)),
    'Content-Type': 'application/json'
}

response = requests.post('https://api.gafiapay.com/api/v1/external/account/generate', json=request_body, headers=headers)

PHP Example

// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
$apiKey = $_ENV['GAFIAPAY_API_KEY'];
$secretKey = $_ENV['GAFIAPAY_SECRET_KEY'];

// Example API request
$headers = [
    'x-api-key: ' . $apiKey,
    'x-signature: ' . generateSignature($requestBody, $timestamp, $secretKey),
    'x-timestamp: ' . round(microtime(true) * 1000),
    'Content-Type: application/json'
];

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://api.gafiapay.com/api/v1/external/account/generate');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($requestBody));
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);

Ruby Example

# .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

# Usage in your code
require 'dotenv'
require 'net/http'
require 'json'

Dotenv.load
api_key = ENV['GAFIAPAY_API_KEY']
secret_key = ENV['GAFIAPAY_SECRET_KEY']

# Example API request
uri = URI('https://api.gafiapay.com/api/v1/external/account/generate')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request['x-api-key'] = api_key
request['x-signature'] = generate_signature(request_body, timestamp, secret_key)
request['x-timestamp'] = (Time.now.to_f * 1000).to_i.to_s
request['Content-Type'] = 'application/json'
request.body = request_body.to_json

response = http.request(request)

Java Example

// .env file
GAFIAPAY_API_KEY=sbp_live_1234567890abcdef1234567890abcdef
GAFIAPAY_SECRET_KEY=your_secret_key_here

// Usage in your code
import java.util.Properties;
import java.io.FileInputStream;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;

Properties props = new Properties();
props.load(new FileInputStream(".env"));
String apiKey = props.getProperty("GAFIAPAY_API_KEY");
String secretKey = props.getProperty("GAFIAPAY_SECRET_KEY");

// Example API request
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.gafiapay.com/api/v1/external/account/generate"))
    .header("x-api-key", apiKey)
    .header("x-signature", generateSignature(requestBody, timestamp, secretKey))
    .header("x-timestamp", String.valueOf(System.currentTimeMillis()))
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(requestBodyJson))
    .build();

HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());

Testing Your API Key

You can test your API key by making a simple request to the health check endpoint:

curl -X GET 'https://api.gafiapay.com/v1/health' \
  -H 'x-api-key: your_api_key_here' \
  -H 'x-signature: generated_signature' \
  -H 'x-timestamp: current_timestamp'

Troubleshooting

Invalid API Key Error

If you receive an "Invalid API key" error:

Verify that your API key is correct and complete
Ensure your API key is active in the dashboard
Check that you're using the correct key for your environment (live/test)

Signature Verification Failed

If signature verification fails:

Ensure you're using the correct secret key
Verify that your signature generation algorithm is correct
Check that the timestamp is within the allowed window

List Accounts

Webhook Integration