Skip to main content

Checkout.com API Secret Key

Description

General

  • Documentation: https://api-reference.checkout.com
  • Summary: Checkout.com is a payment platform for e-commerce websites and mobile applications. Payments are processed via an API, this detector aims at catching the secret key used to access Checkout.com's API. As an API providing financial related information, the corresponding API key is highly sensitive.
  • IPs allowlist: As of the time of writing this documentation, this feature is not available.
  • Scopes: There are production and sandbox API keys. Sandbox API keys contain the word "test".

Revoke the secret

The secret key can be regenerated from the account dashboard.

Check for suspicious activity

As of the time of writing this documentation, this feature is not available.

Details for Checkout secret key

  • Family: Api

  • Category: Payment system

  • Company: Checkout.com

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.1

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- checkout
- cko
- type: ContentWhitelistPreValidator
patterns:
- sk_[a-f0-9]{8}-

Examples

- text: |
const cko = new Checkout('sk_0b9b5db6-fabc-49d0-b68f-13343bb4f708');
apikey: sk_0b9b5db6-fabc-49d0-b68f-13343bb4f708

- text: |
+ curl -X POST https://api.checkout.com/payments
+ -H 'Authorization: sk_be458ac1-fabc-4194-bf58-123b5fae88c7'
apikey: sk_be458ac1-fabc-4194-bf58-123b5fae88c7

Details for Checkout sandbox secret key

  • Family: Api

  • Category: Payment system

  • Company: Checkout.com

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.0

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
patterns:
- checkout
- cko
- type: ContentWhitelistPreValidator
patterns:
- sk_test_[a-f0-9]{8}-

Examples

- text: |
const cko = new Checkout('sk_test_0b9b5db6-fabc-49d0-b68f-92645dc4f508');
apikey: sk_test_0b9b5db6-fabc-49d0-b68f-92645dc4f508

- text: |
+ curl -X POST https://api.sandbox.checkout.com/payments
+ -H 'Authorization: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1'
apikey: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1

# Fat-fingered secret
- text: |
checkout for context
ssk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1
apikey: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1

How can I help you ?