✨ NEW: Reset your API keys from the Paystack Dashboard
Business owners can now change their API keys directly from the Paystack Dashboard.
Every time a customer attempts to pay you, or when you initiate a transfer, your business sends a special set of IDs called API keys to Paystack behind the scenes. Paystack reviews these API keys, and confirms that they truly belong to your business before enabling the payment or transfer.
Previously, if you wanted to reset your API keys, you'd need to send an email to the Paystack support team. We're happy to share that you can now issue new API keys to yourself from the Paystack Dashboard.
Why this matters
Anyone who has access to your API keys can collect payments on your behalf, or do transfers from your Paystack account.
Now imagine your API keys were compromised — say you mistakenly share them with someone, or a bad actor gets their hands on them. You can now immediately change your API keys, and take back full control of your business.
Additionally, depending on the type of your business, it may be good practice to periodically change your API keys, say twice in a year. This strengthens your security against bad actors.
Now, how exactly do you reset your API keys?
How to Reset your API Keys
- Log into your Paystack Dashboard
- Click on the Settings page, and then click on the API Keys & Webhooks tab
- Just below your Live Secret Key, you’ll see the option to generate a new secret key. Click on it
4. After you click on it, you’ll be prompted to select when you want your old API keys to expire
5. Finally, you’ll be required to enter your password to generate your new secret key!
Important things to note
1. Only Admins can change a business’ API keys
2. When you change your API keys, you’ll need to update your business’ website, app, or servers with the new keys to continue accepting payments or making transfers on Paystack
3. The wait period allows you to schedule a specific time in the future when the current keys will expire. Let's say you selected the 30 minutes wait period, for example. What this means is that for the next 30 minutes after you select the option, both your old API keys and new ones will be active. Immediately after the 30-minute mark, however, the old keys will stop working, and only your new keys will work
4. Every change you make to your API keys will be recorded on your Audit Logs.
Questions?
Do you have any questions at all about the Reset API keys feature or suggestions? Send us an email at [email protected] — we’re happy to hear from you ❤️✨