Guides
WebsiteLog In

Developer Settings

Suggest Edits

Overview

The Developer Settings section lets you securely connect, authenticate, and manage how your system communicates with the platform. Use this tab to generate API keys, configure webhooks, manage access, and enforce custom security measures.

Navigate to Settings > Product Settings > Developer Settings to access developer settings:

Developer Settings – Key Modules

  • API Keys: Generate and manage secure API keys for authentication and system integration
  • Authentication: Configure and manage authentication protocols (e.g., HMAC, OAuth) for secure API access
  • Whitelist IP Addresses: Restrict platform access to a list of trusted IPs for enhanced security
  • Webhooks: Set up webhook endpoints to receive real-time notifications on account events
  • Webhook Custom Header: Add custom headers to webhook requests for additional authentication and metadata

API Keys

Generate and manage API keys for secure programmatic access to the platform.

  • Create a new key: Click “+ New API Key” to generate a key. You can label keys for easier identification
  • Permissions: Assign environment-specific scopes (e.g., read-only, write, or admin)
  • Rotation: We recommend rotating keys every 30 days for enhanced security
  • Revocation: Revoke compromised or unused keys immediately
Click on Generate API Keys

Click on Generate API Keys

Best practice

Store your keys securely using a secrets manager like AWS Secrets Manager or Vault.

Authentication

Set up protocols to ensure only verified systems interact with your APIs

  • HMAC-based Auth: Enable message signing to verify payload integrity
  • OAuth 2.0: If enabled, follow the OAuth workflow to connect third-party systems

Whitelist IP Addresses

Restrict API access to trusted IPs to add an extra layer of protection.

  • Add IP: Click “+ Add IP” to specify allowed IP addresses or CIDR blocks
  • Block by default: All other IPs will be denied access once at least one IP is added
Add the IP Address to enable the Dashboard, API, or both

Add the IP Address to enable the Dashboard, API, or both

Best practice

Use static IPs from your cloud provider for consistent access control.

Webhooks

Receive real-time updates about events in your account, like payment status changes or configuration updates.

  • Create webhook endpoint: Define a target URL to receive POST requests when specific events occur.
  • Select events: Choose which event types you'd like to subscribe to (e.g., transaction.completed, account.updated)
Create Custom Webhook Header

Create Custom Webhook Header

Best practice

Use a webhook tester to simulate events before going live.

Webhook Custom Header

Add custom headers to each webhook event for authentication or metadata

  • Add header: Key-value headers can be used to validate payloads or route traffic intelligently
  • Use with HMAC: Combine with your secret key to hash the payload and verify its origin

Best practice

Log and monitor webhook delivery status to ensure high reliability and fast debugging.

Updated 3 months ago