Create Your API Credentials
Once you have registered for a free Spreedly account, you need to set up an environment key and an access secret, which serve as your API credentials.
Clicking the “New Environment” button at the bottom of the page will take you to the form for creating a new environment. Fill in “Test” as the name for this environment and submit the form to create your new environment and automatically generate its environment key.
The environment key (
IXq0Ix8kLbbxY1WKptdZHR1m8qx in this example) will be used as part of your API credentials. You can execute API calls across different environments by using the relevant environment’s key.
Now that you have your environment key, which identifies the environment you wish to execute against, you need an access secret to authorize your API calls.
Access secrets are created at the organization level. In Spreedly, click on the “Organization” tab, which will bring you to the Organization Settings page. Clicking the “Add Access Secret” button at the bottom of the API Access Secrets section of the page will allow you to add a new access secret.
Any of your organization’s access secrets can authenticate API calls within any environment. However, we recommend you generate a new access secret for each application/environment combination (e.g., “app-dev,” “app-production”). This structure allows you to revoke the secret on a per-app basis without affecting non-impacted environments.
Spreedly recommends using separate organizations to isolate production environments and data from non-production environments and data; the risk of using one organization for all of your environments is the production and test data are not properly segmented and production and non-production data are accessible via a common API access secret. Test and QA environments should not share credentials or secrets with production level environments, and the only way to do this is to create separate organizations. To completely segment a testing environment, we recommend creating a test organization in addition to your production organization.
Access secrets should be created on a per-application basis and should be named accordingly. Create an access secret for the “Test App” and submit the form. An access secret will be generated for you and can now be used to authorize API calls for any environment in the organization.
Unlike environment keys, access secrets are just that: secret. They should never be posted publicly or shared over an insecure channel.
Authenticating to the API
The Spreedly API leverages standard HTTP Basic Authentication for API requests. To use the API, simply pass the environment key for the environment you want to use as the username along with an access secret as the password. Using
curl, the command looks something like this:
$ curl -u 'environment-key:access-secret' <options> <url>
Almost all code samples in the Spreedly documentation use a test environment key and access secret. Simply replace them with your environment key and access secret to access your data.
Now that you have Spreedly API credentials, you can perform your first operation, such as adding a gateway to start transacting.