This section describes what API keys are and how to retrieve them.
Monnify authenticates your API requests using your account’s API keys. If you do not include your key when making an API request or use one that is incorrect or outdated, Monnify will return an error.
All API requests exist in either test or live mode, and one mode cannot be manipulated by data in the other. To get your live and test API keys sign up here
We use two types of API keys on Monnify: API Keys and Secret Keys
This is required together with your secret key to generate your basic token
This should be kept confidential and only stored on your own servers. Your account’s secret API key can perform any API request to Monnify without restriction. The secret key is used to authorize all your API calls on Monnify.
How to Obtain your API Keys
Your API keys are available on your Monnify Dashboard. You can find it by following the steps below:
Login to your Monnify dashboard.
Navigate to settings.
Select API Keys and Webhooks on the settings tab.
The image below shows you where your unique API Key and Secret Key is located.
You can get your credentials for both live mode and test mode by switching the switch between both choices. See sample below:
Generating New API Keys
In cases where your API keys have been compromised, you can easily generate new API keys. Simply click the 'Reset API Keys' text under the API Keys and Webhooks tab on the Settings page.
This action will deactivate your current API key and secret immediately and new ones will be generated. You'll need to update your integrations (i.e. backend server configurations, mobile apps, websites, etc) with the new values once this is done.
Monnify uses OAuth 2.0 as the basic security protocol. To access monnify endpoints you'd need to get an access token that grants you access to other endpoints.
With Monnify, you can authorize your API calls by generating a token. To get one, you simply need to call the login endpoint. You send HTTP requests with the Authorization header that contains the word Basic followed by a space and a base64-encoded string apiKey:clientSecret.