Skip to main content
Sign Up

Checkout.com API Secret Key

Description

General

  • Documentation: https://api-reference.checkout.com
  • Summary: Checkout.com is a payment platform for e-commerce websites and mobile applications. Payments are processed via an API, this detector aims at catching the secret key used to access Checkout.com's API. As an API providing financial related information, the corresponding API key is highly sensitive.
  • IPs allowlist: As of the time of writing this documentation, this feature is not available.
  • Scopes: There are production and sandbox API keys. Sandbox API keys contain the word "test".

Revoke the secret

The secret key can be regenerated from the account dashboard.

Check for suspicious activity

As of the time of writing this documentation, this feature is not available.

Details for Checkout secret key

  • Family: Api

  • Category: Payment system

  • Company: Checkout.com

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.1

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - checkout
    - cko
- type: ContentWhitelistPreValidator
  patterns:
    - sk_[a-f0-9]{8}-

Examples

- text: |
    const cko = new Checkout('sk_0b9b5db6-fabc-49d0-b68f-13343bb4f708');
  apikey: sk_0b9b5db6-fabc-49d0-b68f-13343bb4f708

- text: |
    +    curl -X POST https://api.checkout.com/payments
    +      -H 'Authorization: sk_be458ac1-fabc-4194-bf58-123b5fae88c7'
  apikey: sk_be458ac1-fabc-4194-bf58-123b5fae88c7

Details for Checkout sandbox secret key

  • Family: Api

  • Category: Payment system

  • Company: Checkout.com

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 1.0

  • Prefixed: True

  • PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - checkout
    - cko
- type: ContentWhitelistPreValidator
  patterns:
    - sk_test_[a-f0-9]{8}-

Examples

- text: |
    const cko = new Checkout('sk_test_0b9b5db6-fabc-49d0-b68f-92645dc4f508');
  apikey: sk_test_0b9b5db6-fabc-49d0-b68f-92645dc4f508

- text: |
    +    curl -X POST https://api.sandbox.checkout.com/payments
    +      -H 'Authorization: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1'
  apikey: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1

# Fat-fingered secret
- text: |
    checkout for context
    ssk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1
  apikey: sk_test_be458ac1-fabc-4194-bf58-523e1ffd98e1

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

How can I help you ?