OwnPay uses API keys for authentication. All API requests must include a valid API key.
- Public Key (
op_live_...) - Used in client-side code
- Secret Key (
op_secret_...) - Used for server-side authentication
Generating keys
- Log in to OwnPay admin
- Go to Developers > API Keys
- Click Generate API Key
- Choose access level (Full Access or Read-Only)
- Copy both keys immediately
Keys are shown once only. Store them in environment variables, never in code.
Using keys
PHP SDK
Node.js SDK
Key security
- Never commit keys to git repositories
- Use environment variables for storage
- Rotate keys every 90 days
- Use separate keys per application
- Monitor API usage for anomalies
- Revoke unused keys immediately
Key rotation
- Generate a new key pair
- Update all applications to use the new key
- Test in production
- Delete the old key
- Verify no errors
Error codes