Authentication

When you sign up for an account, you are given your first secret API key. You can generate additional API keys, and delete API keys (as you may need to rotate your keys in the future). You authenticate to the Rebilly API by providing your secret key in the request header.

Rebilly offers three forms of authentication: secret key, publishable key, JSON Web Tokens, and public signature key.

  • Secret API key: used for requests made from the server side. Never share these keys. Keep them guarded and secure.
  • Publishable API key: used for requests from the client side. For now, it can only be used to create a Payment Token and a File token.
  • JWT: short-lived tokens that can be assigned a specific expiration time.

Never share your secret keys. Keep them guarded and secure.

JWT

You can create a JSON Web Token (JWT) via our JWT Session resource. Usage format: Bearer <JWT>.

Security Scheme Type: HTTP
HTTP Authorization Scheme: bearer
Bearer format: "JWT"

PublishableApiKey

Only for the Tokens resource. You can create a Publishable API Key via our API Keys resource, by specifying the type as publishable.

Security Scheme Type: API Key
Header parameter name: Authorization

SecretApiKey

When you sign up for an account, you are given your first secret API key. To do so, please follow this link. You can also generate additional API keys and delete API keys (as you may need to rotate your keys in the future). All API keys can be restricted to a small set of permissions (restricted API keys).

Security Scheme Type: API Key
Header parameter name: REB-APIKEY
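
The three schemes above, as an added example (not Rebilly's own code): a small request builder that puts each credential in the header this page names, refuses a publishable key outside the Tokens resource, and masks credentials before logging. Assumptions: the base URL is a placeholder, the `/tokens` path prefix and the `REBILLY_SECRET_KEY` variable name are hypothetical, and the publishable key is sent as the bare `Authorization` value.

```python
import os
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder host (assumption)
TOKENS_PREFIX = "/tokens"  # assumed path of the Tokens resource


def auth_headers(scheme, credential, path):
    """Return the auth header for one of the three schemes on this page."""
    if not credential:
        raise ValueError("empty credential")
    if scheme == "secret":  # server side only
        return {"REB-APIKEY": credential}
    if scheme == "publishable":  # client side, Tokens resource only
        if not path.startswith(TOKENS_PREFIX):
            raise PermissionError("publishable key is only for the Tokens resource")
        return {"Authorization": credential}  # bare value is an assumption
    if scheme == "jwt":  # usage format: Bearer <JWT>
        return {"Authorization": "Bearer " + credential}
    raise ValueError("unknown scheme: " + scheme)


def build_request(scheme, credential, path, method="GET"):
    """Build (but do not send) a request carrying the right auth header."""
    req = urllib.request.Request(BASE_URL + path, method=method)
    for name, value in auth_headers(scheme, credential, path).items():
        req.add_header(name, value)  # urllib stores names as e.g. "Reb-apikey"
    return req


def redacted(req):
    """Copy of the request headers that is safe to write to logs."""
    out = {}
    for name, value in req.header_items():
        if name.lower() in ("reb-apikey", "authorization"):
            value = ("Bearer " if value.startswith("Bearer ") else "") + "***"
        out[name] = value
    return out


def secret_from_env(var="REBILLY_SECRET_KEY"):
    """Read the secret key from the environment instead of hardcoding it."""
    key = os.environ.get(var)
    if not key:
        raise RuntimeError(var + " is not set")
    return key
```

Keeping the key in an environment variable or secret store also makes the rotation mentioned above a configuration change rather than a code change.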