API Keys

API keys authenticate your requests to the DirectCryptoPay backend. They are used by the widget, WordPress plugin, and any custom integrations you build.

Generating API Keys

1. Log in to your Dashboard
2. Navigate to Settings > General
3. Your API key is displayed in the settings panel
4. Copy it and store it securely

## Webhook Secret

In addition to the API key, you have a Webhook Secret used to verify the authenticity of incoming webhook notifications. This is separate from your API key.

1. In Settings > General, locate the Webhook Secret
2. Copy it for use in your webhook verification logic

See the Webhooks guide for detailed verification instructions.

Using Your API Key

In HTTP Headers

When making API requests, include the API key in the X-API-Key header:

curl -X POST https://test-api.directcryptopay.com/v1/payment_intents \
  -H "Content-Type: application/json" \
  -H "X-API-Key: YOUR_API_KEY" \
  -d '{"amount": 49.99, "currency": "USD"}'

In the WordPress Plugin

Enter the API key in the WooCommerce payment gateway settings:

WooCommerce > Settings > Payments > DirectCryptoPay > API Key

In Widget Integrations

The widget uses an Integration ID (created from your API key context) rather than the raw API key:

<script src="https://widget-dev.directcryptopay.com/dcp-widget.umd.js"></script>
<script>
  DirectCryptoPay.init({
    integrationId: 'your-integration-id'
  });
</script>

Security Best Practices

• Never commit API keys to version control -- Use environment variables
• Rotate keys periodically -- If you suspect a key has been compromised, regenerate it from the dashboard
• Use separate keys for testnet and mainnet -- Each environment has its own keys
• Restrict access -- Only share keys with team members who need them

```bash # .env (do not commit this file) DCP_API_KEY=your_api_key_here DCP_WEBHOOK_SECRET=your_webhook_secret_here ```