Skip to main content

API keys

Zip authenticates your API requests using your account’s API keys. If a request doesn’t include a valid key, Zip returns an invalid request error. If a request includes an invalid key, Zip returns an authentication error.

Use the Developers Dashboard to get your API keys.

Test mode versus live mode

All Zip API requests occur in either test mode or live mode. Use test mode to access test data, and live mode to access actual account data. Each mode has its own set of API keys. Objects in one mode aren’t accessible to the other. For instance, a test-mode product object can’t be part of a live-mode payment.

Secret and publishable keys

All accounts have a total of four API keys by default—two for test mode and two for live mode:

  • Test mode secret key: Use this key to authenticate requests on your server when in test mode. By default, you can use this key to perform any API request without restriction.
  • Test mode publishable key: Use this key for testing purposes in your web or mobile app’s client-side code.
  • Live mode secret key: Use this key to authenticate requests on your server when in live mode. By default, you can use this key to perform any API request without restriction.
  • Live mode publishable key: Use this key in your web or mobile app’s client-side code when in live mode.

Keep your keys safe

Anyone can use your live mode secret API key to make any API call on behalf of your account, such as creating a charge or performing a refund. Keep your keys safe by following the secret API keys best practices.

Leaked secret API keys

If you believe your secret API key has been compromised, contact our support ([email protected]) immediately to prevent unauthorized access on your account. We’ll then revoke the compromised key and issue you a new one.