Navigating Your Account
There are several concepts that are important to understand when navigating your account and structuring your company’s access to Spreedly.
Every user on Spreedly belongs to an organization. If you registered for Spreedly directly (i.e., without an invite from an existing org member) you specified the organization name in the registration form.
An organization is meant to represent a whole company or business unit. Billing occurs at the organization level, meaning groups within the same company, but with separate billing requirements, will need to operate as two independent organizations within Spreedly.
Be aware that all users in your Spreedly organization are administrators and can manage and access the list of API access secrets. Only add trusted users to your organization.
Each organization can have several environments. An environment allows you to separate your payment information into distinct groups. In most scenarios, having a “test” and “production” environment will suffice. However, organizations with more complex structures may choose to segment their payment processing by region or business unit.
It is important to note that data in one environment will not be operable from another environment. For instance, a payment method stored in environment “A” cannot be used in a purchase against a gateway stored in environment “B”. Environments truly are distinct and should be used to isolate unrelated payment functions.
When invoking the Spreedly API, each environment’s key will be required to scope the operation to that environment. An environment’s key is not considered to be sensitive, so it can be shared.
API access secrets, which are used to authenticate your organization when invoking the API, are issued at the organization level. It is a good practice to generate an access secret for each application/environment combination (e.g., “app-dev”, “app-production”). This allows you to revoke the secret on a per app basis without affecting non-impacted environments.
Access secrets are considered private and secure. Do not share them or expose them through insecure channels. An access secret, in combination with an environment key, will give you full access to the Spreedly API.