instamoney docs

API

Instamoney API allows developers to access the functionality of Instamoney. Some example API methods include accepting payments, disbursing funds, and managing account information.

Instamoney authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or deleted, Instamoney returns an error.

Every account is provided with separate keys for testing and for running live transactions. You’ll have zero secret key when you registered your account. This default setup is to prevent secret key being compromised for customers who are not integrating with Instamoney using API. You can generate or delete key according to your needs in Dashboard.

Note: Use only your test API keys for testing or development. This ensures that you don't accidentally create or modify live transactions.

Each API key has permission of a product that you can configure. There are three types of API key permission:

  1. None

    No product access granted, meaning you forbid your API key to perform any action

  2. Read

    Granting the ability to read-only access or fetch data using API of a specific product. You’ll grant Read access if you only need to, for example, get your account balance or get payment detail.

  3. Write

    Granting the ability to read and write data using API. You’ll grant Write access if you want to read or perform action ie create VA, create Disbursement, get VA, etc

Generate API Key

  1. Visit Instamoney Dashboard > Settings > Security
  2. In Secret API Keys section, click “Generate a new key" to generate new API key. You'll be redirected to a pop up to configure your key name and permissions.
  3. Please assign name to the key. There is no character limit for your key name.
  4. Assign permission(s) to the key. This allows only the minimum level of access that the service needs while protecting account data it doesn't need
  5. Click "Generate". New key will be shown to you and it can be used immediately. The key will only be shown once during the generation process, so make sure you saved it somewhere safe.
  6. You can edit either the key name or permission(s) to fit your need
  7. Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission

Delete API Key

  1. In Secret API Keys section, click “Delete” on the key that you want to delete
  2. A confirmation page will show up to confirm your action
  3. Click “Cancel” to dismiss your action or click "Delete" to delete the key
  4. Note: Once deleted, you will be unable to perform any more actions with the key

Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission

Keeping Your Keys Safe

Your secret API key can be used to make any API call on behalf of your account. Here are some recommendation to keep your key safe:

  1. Treat your API key like your password. Do not share API key or embed it directly into code. Save it in a secure place or use secret management approaches instead
  2. Restrict API key access by specifying the minimum required permissions per key
  3. Rotate API keys periodically
  4. Revoke API keys' permissions if they are no longer in use
  5. Remove unused API keys

Questions?

Still have more questions? We're always happy to help however we can. Shoot us an email or chat to us in live chat.