Get Your API Keys

Security keys enable seamless account authentication across the CyoGate gateway's products and features. Depending on your requirements, you can create and manage public and private keys directly through the merchant or partner portals.

Key Types

The CyoGate gateway uses two types of API keys:

• Public Key — Used in client-side code (e.g., with Collect.js) to tokenize payment data. Safe to expose in frontend JavaScript.
• Private Key — Used for server-side API calls to process transactions, manage the Customer Vault, and query data. Must be kept secret and never exposed publicly.

Getting Your API Keys — For Merchants

To generate API keys as a merchant:

1. Log into your Merchant Control Panel
2. Navigate to Settings > Security Keys
3. Click Add a New Key
4. Enter a descriptive Key Name for easy identification (e.g., "Production Public Key" or "Dev Private Key")
5. Select the username you want to associate with this key
6. Select the Key Permission type — either Public or Private
7. Click Create

Your new key will appear in the Security Keys list. Copy it immediately and store it securely — the full key value may not be displayed again after leaving the page.

Getting Your API Keys — For Partners/Resellers

To create API keys as a partner:

1. Log into your Partner Portal
2. Navigate to Settings > Security Keys
3. Click Add a New Key
4. Enter a descriptive Key Name for easy identification
5. Select the username you want to associate with this key
6. Select the Key Permission type and click Create

Key Permission Types

Best Practices

• Use separate keys for development/sandbox and production environments
• Give each key a clear, descriptive name so you can identify and revoke individual keys if needed
• Store Private Keys in environment variables or a secrets manager — never hardcode them in source files
• Rotate keys periodically, especially after staff changes or a suspected compromise
• Revoke any keys that are no longer in use