Logo

Smarty Docs

API Keys

If you want to create payments via the Smarty Pay SDK or API, then you will need public access keys (API Keys). For example, you need an API key to add a payment button on your website or integrate Smarty Pay into your online shop built with WooCommerce.

Creating an API Key

To create an API key, navigate to the Settings section on the left menu, and select Integration section.

Use the Create new API Key button to generate an API key for interaction with Smarty Pay APIs.

Create new API Key

Important!
The secret part of the key will be shown only once, so make sure you copy it to a safe place.

Keep your keys in safe place

You can update your API keys if necessary.

Keys Security

Please note that you should never publicly expose the secret part of your API key. Do not embed the secret in your frontend code. Store the secret exclusively on the backend, where it cannot be accessed by third parties. Otherwise, someone else could make requests to the Smarty Pay API on your behalf.

If you suspect that your API key has been compromised, simply delete it in the merchant dashboard and generate a new one.

By the way, API keys for testing (TestNet) are different from the ones you'll use for real transactions (MainNet).

Keys Verification

Technical information for developers

To verify access to the Smarty Pay API, you can use Basic authentication method.

Example of a Curl request in the terminal (replace API_KEY with the key name and SECRET with the secret part):

Basic authentication example

# This code must be on your backend side
# Do not send your Secret into Client Browser!
curl --request POST \
  --url https://api.smartypay.io/integration/payments \
  --user API_KEY:SECRET \
  --header 'content-type: application/json' \
  --data '{
    "amount": {
        "value": "15",
        "currency": "btUSDTv2"
    },
    "expiresAt": "2025-07-29T13:51:34.755Z"
}'
  • If the request returns a 404 CompanyApiKeyNotFound error, then an incorrect key name was passed.
  • If the request returns a 403 Forbidden error, then an incorrect key secret was passed.
  • In other cases, the API key was used correctly.

Keys in Webhooks

Technical information for developers

API keys are also used to securely send webhooks from Smarty Pay to the merchant's specified URL. To verify the authenticity of the send from Smarty Pay, two additional headers are also passed in the POST request:

  • x-sp-key - the name of the API key
  • x-sp-digest - a signature on the request body created using the API key secret via HMAC-SHA256

Please note that if you have created multiple API keys, Smarty Pay will make the same number of webhook calls with the same body but different signatures from each key.

More information about webhooks can be found in this article.