Authentication
All of Checkbook’s API endpoints must be authenticated using the standard HTTP Authorization header to pass authentication information.
We provide multiple environments within our application, and the keys generated in each environment do not work across environments. Sandbox keys must be used for the sandbox environment and production keys in the production environment.
Obtaining Your API Keys
Log in to your account
Access your Checkbook dashboard via our website
Navigate to the developer settings
The developer settings page can be found under the Settings -> Developer menu
Generate the API keys
Each Checkbook account can have multiple API keys, and each API key can have its own expiration date and name for easier management. A given API key will have two parts:
Please securely save your keys immediately after generation, as we do not provide a way to retrieve your secret key after it has been created. Should you lose your keys, you can always generate a new one.
Publishable Key (Public Key): This is an identifier associated with each key and may be included in emails or support tickets sent to the Checkbook team.
Secret Key (Private Key): This key is private and should never be exposed in client-side code or shared publicly. Treat it like a password.
Using Your API Keys
You’ll include your publishable key and secret (separated by a : character) in the Authorization header of your HTTP requests to the Checkbook.io API. The format is as follows:
Authorization: d6aa2703655f4ba2af2a56202961ca86:dXbCgzYBMibj8ZwuQMd2NXr6rtvjZ8Important Security Considerations
Keep your Secret Key confidential. Store it securely on your server-side infrastructure.
Do not embed your Secret Key directly in client-side code (e.g., JavaScript, mobile apps). This could lead to unauthorized access to your account.
Rotate your API keys periodically for enhanced security. You can generate new keys and revoke old ones through your dashboard.