Skip to main content

Managing API Keys in the Portal

Step-by-step guide to creating, labeling, and revoking API keys in the Anton Payments merchant portal.

Written by Ryan O
Updated today

API Key Management

API keys authenticate your applications when making requests to the Anton Payments API. You can create and manage API keys directly from the merchant portal. This article walks you through the process and covers best practices for keeping your keys secure.

Accessing API Key Settings

To manage your API keys:

  1. Log in to the merchant portal at app.antonpayments.com.

  2. Navigate to Settings > API Keys.

This page displays all your existing API keys, including their label, environment, creation date, and status.

Creating a New API Key

To create a new API key:

  1. Click Create API Key.

  2. Select the environment for the key:

    • Sandbox β€” For testing and development. Sandbox keys use the prefix ak_test_ and authenticate against api.antonpayments.dev.

    • Production β€” For live payouts. Production keys use the prefix ak_live_ and authenticate against api.antonpayments.com.

  3. Enter a label for the key. Use a descriptive name that identifies where or how the key will be used (e.g., "Backend Server", "Batch Processing Service").

  4. Click Create.

Important: The full API key is displayed only once at the time of creation. Copy it immediately and store it in a secure location such as a secrets manager or encrypted vault. You will not be able to view the full key again after leaving this page.

Revoking an API Key

If a key is compromised, no longer needed, or you are rotating keys, you should revoke it:

  1. Navigate to Settings > API Keys.

  2. Find the key you want to revoke.

  3. Click Revoke.

  4. Confirm the revocation.

Revocation takes effect immediately. Any API requests made with the revoked key will be rejected with an authentication error. Make sure you have a replacement key in place before revoking a key that is actively in use.

Best Practices

Follow these guidelines to keep your API keys secure:

  • Store keys securely. Use a secrets manager, environment variables, or an encrypted vault. Never hardcode API keys in your source code.

  • Never share keys in plaintext. Do not send API keys via email, chat messages, or any unencrypted channel. If a key has been shared insecurely, revoke it and create a new one.

  • Use separate keys for separate services. If you have multiple applications or services that call the Anton API, create a dedicated key for each one. This way, if one key is compromised, you can revoke it without affecting other services.

  • Rotate keys periodically. Even if no compromise is suspected, rotating keys on a regular schedule reduces the window of exposure if a key is leaked without your knowledge.

  • Use sandbox keys for testing. Never use production keys in development or testing environments. Sandbox keys (ak_test_) are isolated from live data and should always be used during development.

  • Keep source code clean. Add API keys to your .gitignore or equivalent to prevent accidental commits. Use environment variables or a configuration management tool to inject keys at runtime.

Key Prefixes Reference

Prefix

Environment

API Base URL

ak_test_

Sandbox

api.antonpayments.dev

ak_live_

Production

api.antonpayments.com

Did this answer your question?