What are API Keys?
API keys are unique identifiers that authenticate your application when making requests to the Moflay API. They come in two types:- Sandbox keys (prefix:
mof_test_) - For testing and development - Production keys (prefix:
mof_live_) - For live payments
API keys are environment-specific. Sandbox keys only work in the sandbox
environment, and production keys only work in the production environment.
Creating Your First API Key
1
Navigate to API Keys
Go to the Moflay Dashboard and select
your organization.
2
Choose Environment
Select the environment you want to create an API key for: - Sandbox -
For testing and development - Production - For live payments (requires
production credentials)
Make sure you’re in the correct environment before creating your API key.
3
Create New API Key
- Click the “Create API Key” button 2. Enter a descriptive name for your API key (e.g., “My App - Development”) 3. Select the permissions you need: - Read - View transactions, customers, and analytics - Write - Create payments, customers, and transactions - Admin - Full access including account management
You can always modify permissions later, but it’s recommended to follow
the principle of least privilege.
4
Copy and Store Your API Key
Once created, you’ll see your API key. Copy it immediately as it won’t
be shown again for security reasons.
mof_test_1234567890abcdef...Important: Store your API key securely. Never commit it to version
control or share it publicly. Use environment variables in production.
Using Your API Key
In Your Application
Store your API key as an environment variable:With cURL
Managing API Keys
Viewing Your Keys
In the API Keys dashboard, you can:- View all your API keys
- See their creation date and last used date
- Check their permissions
- See which environment they belong to
Regenerating Keys
If you suspect a key has been compromised:- Go to the API Keys dashboard
- Find the key you want to regenerate
- Click the “Regenerate” button
- Copy the new key and update your application
- The old key will be immediately invalidated
Regenerating a key will break any applications using the old key. Make sure to
update all your applications before regenerating.
Deleting Keys
To delete an unused API key:- Go to the API Keys dashboard
- Find the key you want to delete
- Click the “Delete” button
- Confirm the deletion
Deleted keys cannot be recovered. Make sure you don’t need the key before
deleting it.
Security Best Practices
Do’s ✅
- Store API keys in environment variables
- Use different keys for different environments
- Rotate keys regularly
- Use the principle of least privilege
- Monitor key usage in the dashboard
Don’ts ❌
- Never commit API keys to version control
- Don’t share keys in chat or email
- Don’t use the same key across multiple applications
- Don’t hardcode keys in your source code
- Don’t ignore suspicious activity
Troubleshooting
Invalid API Key Error
If you get an “Invalid API Key” error:- Check the key format - Should start with
mof_test_ormof_live_ - Verify environment - Make sure you’re using the right key for the right environment
- Check for typos - Copy the key again from the dashboard
- Regenerate if needed - The key might have been compromised
Missing API Key Error
If you get a “Missing API Key” error:- Check your code - Make sure you’re including the Authorization header
- Verify environment variables - Ensure the variable is loaded correctly
- Check the header format - Should be
Authorization: Bearer YOUR_API_KEY
Permission Denied Error
If you get a “Permission Denied” error:- Check key permissions - Make sure your key has the required permissions
- Verify the endpoint - Some endpoints require specific permissions
- Contact support - If you need additional permissions
Next Steps
Once you have your API key set up:- Test your integration with the sandbox environment
- Set up production credentials when ready to go live
- Explore our API reference for advanced features
Need help? Contact our support team at
support@moflay.com or join our Discord
community.