Skip to main content
OwnPay uses API keys for authentication. All API requests must include a valid API key.

API key format

  • Public Key (op_live_...) - Used in client-side code
  • Secret Key (op_secret_...) - Used for server-side authentication

Generating keys

  1. Log in to OwnPay admin
  2. Go to Developers > API Keys
  3. Click Generate API Key
  4. Choose access level (Full Access or Read-Only)
  5. Copy both keys immediately
Keys are shown once only. Store them in environment variables, never in code.

Using keys

HTTP Header

PHP SDK

Node.js SDK

Key security

  • Never commit keys to git repositories
  • Use environment variables for storage
  • Rotate keys every 90 days
  • Use separate keys per application
  • Monitor API usage for anomalies
  • Revoke unused keys immediately

Key rotation

  1. Generate a new key pair
  2. Update all applications to use the new key
  3. Test in production
  4. Delete the old key
  5. Verify no errors

Error codes

Last modified on July 15, 2026