Authentication
Securely authenticate your applications with API keys.
Overview
API keys provide a secure way to authenticate your applications when making requests to the JPL Payments Gateway API. This guide will show you how to generate and use API keys for server-to-server communication.
What are API Keys?
API keys are authentication tokens that allow your backend services to communicate with the JPL Payments Gateway without requiring user intervention. Each API key is a unique identifier that grants access to your account's resources based on the permissions you assign.
How API Keys Work
When you make a request to the JPL Payments Gateway API, you include your API key in the request header. The gateway then:
- Validates the key - Checks that the key exists and is active
- Verifies permissions - Ensures the key has the necessary permissions for the requested operation
- Applies rate limits - Enforces usage limits based on your account
- Processes the request - Executes your API call if all checks pass
API keys use the format jtpgw_[random_string] and are included in requests using the Authorization header as a Bearer token.
Important
API keys are sensitive credentials. Never expose them in client-side code, commit them to version control, or share them publicly.
Generating an API Key
Follow these steps to generate a new API key:
Step 1: Log into the Vendor Dashboard
Navigate to the JPL Payments Gateway vendor dashboard and sign in with your credentials.
Step 2: Create a Product (if needed)
If you don't already have a product:
- Go to the Products section
- Click Create New Product
- Fill in the required product details
- Save your product
Step 3: Navigate to API Keys
- Select your product from the products list
- Click on the product to view its profile
- In the product profile, click on API Keys
Step 4: Generate New Key
- In the top right corner, click Generate New Key
- Provide a name and description for your API key (optional but recommended)
- Select the permissions you want to grant to this key
- Click Generate
Warning
The API key will only be displayed once after generation. Make sure to copy it immediately and store it in a secure location. You won't be able to view the full key again.
Step 5: Store Your API Key Securely
After generating your key:
- Copy the entire API key
- Store it in a secure location such as:
- Environment variables
- A secrets management service (AWS Secrets Manager, Azure Key Vault, etc.)
- An encrypted configuration file
Never store API keys in:
- Source code files
- Version control systems (Git, SVN, etc.)
- Client-side applications
- Unsecured text files
How to Use API Keys
To authenticate your API requests, include your API key in the x-api-key header of every request.
Basic Usage
curl -X GET https://api.justtap.io/v1/collections \
-H "Authorization: Bearer jtpgw_YOUR_API_KEY" \
-H "Content-Type: application/json"Code Examples
const apiKey = process.env.JPL_API_KEY; // Store in environment variable
const response = await fetch("https://api.justtap.io/v1/collections", {
method: "GET",
headers: {
Authorization: `Bearer ${apiKey}`,
"Content-Type": "application/json",
},
});
const data = await response.json();
console.log(data);import os
import requests
api_key = os.getenv('JPL_API_KEY') # Store in environment variable
response = requests.get(
'https://api.justtap.io/v1/collections',
headers={
'Authorization': f'Bearer {api_key}',
'Content-Type': 'application/json'
}
)
data = response.json()
print(data)<?php
$apiKey = getenv('JPL_API_KEY'); // Store in environment variable
$ch = curl_init('https://api.justtap.io/v1/collections');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Authorization: Bearer ' . $apiKey,
'Content-Type: application/json'
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
$data = json_decode($response, true);
curl_close($ch);
print_r($data);
?>using System;
using System.Net.Http;
using System.Threading.Tasks;
class Program
{
private static readonly HttpClient client = new HttpClient();
static async Task Main()
{
string apiKey = Environment.GetEnvironmentVariable("JPL_API_KEY");
client.DefaultRequestHeaders.Add("Authorization", $"Bearer {apiKey}");
client.DefaultRequestHeaders.Add("Content-Type", "application/json");
HttpResponseMessage response = await client.GetAsync(
"https://api.justtap.io/v1/collections"
);
string responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}import java.net.http.*;
import java.net.URI;
public class ApiExample {
public static void main(String[] args) throws Exception {
String apiKey = System.getenv("JPL_API_KEY");
HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("https://api.justtap.io/v1/collections"))
.header("Authorization", "Bearer " + apiKey)
.header("Content-Type", "application/json")
.GET()
.build();
HttpResponse<String> response = client.send(
request,
HttpResponse.BodyHandlers.ofString()
);
System.out.println(response.body());
}
}package main
import (
"fmt"
"io"
"net/http"
"os"
)
func main() {
apiKey := os.Getenv("JPL_API_KEY")
client := &http.Client{}
req, err := http.NewRequest(
"GET",
"https://api.justtap.io/v1/collections",
nil,
)
if err != nil {
panic(err)
}
req.Header.Add("Authorization", "Bearer " + apiKey)
req.Header.Add("Content-Type", "application/json")
resp, err := client.Do(req)
if err != nil {
panic(err)
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
if err != nil {
panic(err)
}
fmt.Println(string(body))
}Best Practices
Secure Storage
- ✅ DO store API keys in environment variables
- ✅ DO use secret management services
- ✅ DO use separate keys for different environments (development, staging, production)
- ❌ DON'T hardcode keys in source code
- ❌ DON'T commit keys to version control
- ❌ DON'T share keys via email or messaging apps
Key Rotation
Regularly rotate your API keys to maintain security:
- Production keys: Every 90 days
- Development keys: Every 180 days
- Immediately: If a key is compromised
Permissions
Follow the principle of least privilege - only grant the permissions your application actually needs.