API
Instamoney API allows developers to access the functionality of Instamoney. Some example API methods include accepting payments, disbursing funds, and managing account information.
Instamoney authenticates your API requests using your account's API keys. If you do not include your key when making an API request, or use one that is incorrect or deleted, Instamoney returns an error.
Every account is provided with separate keys for testing and for running live transactions. You’ll have zero secret key when you registered your account. This default setup is to prevent secret key being compromised for customers who are not integrating with Instamoney using API. You can generate or delete key according to your needs in Dashboard.
Note: Use only your test API keys for testing or development. This ensures that you don't accidentally create or modify live transactions.
Each API key has permission of a product that you can configure. There are three types of API key permission:
-
None
No product access granted, meaning you forbid your API key to perform any action
-
Read
Granting the ability to read-only access or fetch data using API of a specific product. You’ll grant Read access if you only need to, for example, get your account balance or get payment detail.
-
Write
Granting the ability to read and write data using API. You’ll grant Write access if you want to read or perform action ie create VA, create Disbursement, get VA, etc
Generate API Key
- Visit Instamoney Dashboard > Settings > Security
- In Secret API Keys section, click “Generate a new key" to generate new API key. You'll be redirected to a pop up to configure your key name and permissions.
- Please assign name to the key. There is no character limit for your key name.
- Assign permission(s) to the key. This allows only the minimum level of access that the service needs while protecting account data it doesn't need
- Click "Generate". New key will be shown to you and it can be used immediately. The key will only be shown once during the generation process, so make sure you saved it somewhere safe.
- You can edit either the key name or permission(s) to fit your need
Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission
Delete API Key
- In Secret API Keys section, click “Delete” on the key that you want to delete
- A confirmation page will show up to confirm your action
- Click “Cancel” to dismiss your action or click "Delete" to delete the key
Note: Once deleted, you will be unable to perform any more actions with the key
Note: This feature is only available for Secret API Keys and user with Admin and Manage Tech Settings permission
Keeping Your Keys Safe
Your secret API key can be used to make any API call on behalf of your account. Here are some recommendation to keep your key safe:
- Treat your API key like your password. Do not share API key or embed it directly into code. Save it in a secure place or use secret management approaches instead
- Restrict API key access by specifying the minimum required permissions per key
- Rotate API keys periodically
- Revoke API keys' permissions if they are no longer in use
- Remove unused API keys
Questions?
Still have more questions? We're always happy to help however we can. Shoot us an email or chat to us in live chat.