Create Your API Credentials

Once you have registered for a free Spreedly account, you need to set up an environment key and an access secret, which serve as your API credentials.

Environment key

An environment in Spreedly is used to organize your payment data. To get started, create a test environment by logging in and selecting the “Environments” tab.

Clicking the “New Environment” button at the bottom of the page will take you to the form for creating a new environment. Fill in “Test” as the name for this environment and submit the form to create your new environment and automatically generate its environment key.

The environment key (IXq0Ix8kLbbxY1WKptdZHR1m8qx in this example) will be used as part of your API credentials. You can execute API calls across different environments by using the relevant environment’s key.

Access secret

Now that you have your environment key, which identifies the environment you wish to execute against, you need an access secret to authorize your API calls.

There are two types of access secrets, a single environment access secret and an organization access secret. A single environment access secret can be used to authenticate API calls for a single environment, while an organization access secrets can authenticate API calls within any environment. Spreedly recommends using separate environments to isolate production connections and data from non-production connections and data; though there is still risk as production and non-production environments are accessible via a common API access secret if using an organization access secret. Test and QA environments should not share credentials with production level environments.

To view, create, or delete your single environment access secrets, log into your account and visit the Environments tab. Use Configure for each environment. To view, create or delete your organization access secrets, visit the Organization tab, which will bring you to the Organization Settings page. Clicking the “Add Access Secret” button at the bottom of the API Access Secrets section of the page will allow you to add a new access secret.

Access secrets should be created on a per-application basis and should be named accordingly. Create an access secret for the “Test App” and submit the form. An access secret will be generated for you and can now be used to authorize API calls for either a single environment, with a single environment access secret, or for any environment in the organization, with an organization access secret.

Unlike environment keys, access secrets are just that: secret. Access secrets are considered private and secure. Do not share them or expose them to insecure channels - even in e-mails to the Spreedly team. An access secret, in combination with an environment key, grants full access to the Spreedly API. If you or another user within your organization share an access secret insecurely, we advise that you revoke the secret as soon as possible, and generate a new one.

Authenticating to the API

The Spreedly API leverages standard HTTP Basic Authentication for API requests. To use the API, simply pass the environment key for the environment you want to use as the username along with an access secret as the password. Using curl, the command looks something like this:

$ curl -u 'environment-key:access-secret' <options> <url>

Almost all code samples in the Spreedly documentation use a test environment key and access secret. Simply replace them with your environment key and access secret to access your data.


Now that you have Spreedly API credentials, you can perform your first operation, such as adding a gateway to start transacting.