Skip to main content

Checkout.com Sandbox API Secret Key

Description

General

  • Documentation: https://api-reference.checkout.com

  • Summary: Checkout.com is a payment platform for e-commerce websites and mobile applications. The Sandbox Secret Key is used to authenticate API requests in the Checkout.com sandbox environment, which simulates payment processing for testing purposes. While sandbox keys are not used for real transactions, they are still sensitive as they grant access to the sandbox API and testing resources.

  • IPs allowlist: As of the time of writing this documentation, IP allowlisting is not supported for Checkout Sandbox Secret Keys.

  • Scopes: Sandbox Secret Keys are used exclusively in the sandbox environment and contain the word "test" to distinguish them from production keys. They provide access to simulated payment processing and testing functionalities.

Revoke the secret

Sandbox Secret Keys can be regenerated from the Checkout.com account dashboard. Navigate to the "API Keys" section, locate the sandbox key, and regenerate it to revoke the old key.

Check for suspicious activity

As of the time of writing this documentation, Checkout.com does not provide a dedicated feature for monitoring suspicious activity specifically for sandbox keys.

Details for Checkout.com Sandbox API Secret Key

  • Family: token

  • Category: payment_system

  • Company: Checkout.com

  • High recall: True

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.0

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - checkout
    - cko
- type: ContentWhitelistPreValidator
  patterns:
    - sk_sbox_[a-f0-9]{8}-

Examples

- text: |
    const cko = new Checkout('sk_sbox_0b9b5db6-fabc-49d0-b68f-92645dc4f508');
  apikey: sk_sbox_0b9b5db6-fabc-49d0-b68f-92645dc4f508

- text: |
    +    curl -X POST https://api.sandbox.checkout.com/payments
    +      -H 'Authorization: sk_sbox_be458ac1-fabc-4194-bf58-523e1ffd98e1'
  apikey: sk_sbox_be458ac1-fabc-4194-bf58-523e1ffd98e1

# Fat-fingered secret
- text: |
    checkout for context
    sk_sbox_be458ac1-fabc-4194-bf58-523e1ffd98e1
  apikey: sk_sbox_be458ac1-fabc-4194-bf58-523e1ffd98e1
Last updated on

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status