# API Keys Management

To ensure secure communication between your website and CoinbarPay's payment gateway, our system relies on API keys to authenticate and authorize requests. In this section, we will discuss the importance of managing your API keys properly, as well as the steps for generating and using the required keys.

## API KEYS

#### <mark style="color:purple;">SERVICE\_CLIENT\_ID</mark> : Payment Gateway Key

The <mark style="color:purple;">`SERVICE_CLIENT_ID`</mark> serves as the primary identifier for your CoinbarPay Service.

{% hint style="info" %}
This ID is used for identification to requests made between your website and our payment gateway.
{% endhint %}

#### <mark style="color:orange;">SERVICE\_SECRET\_KEY</mark> : Authentication Secret Key

The <mark style="color:orange;">`SERVICE_SECRET_KEY`</mark> serves as HMAC (Hash-based Message Authentication Code) secret key to sign and authenticate requests to CoinbarPay API Server.

{% hint style="warning" %}

#### <mark style="color:orange;">Warning</mark>

This KEY should never been exposed, transfered, sent to anyone outside your company or is not allowed to manage transactions requests.
{% endhint %}

{% hint style="info" %}

#### <mark style="color:blue;">Security hints</mark>

To maintain the highest level of security and protect your CoinbarPay account from unauthorized access or malicious activities, follow these best practices for API key management:

1. **Secure Storage**: Keep your `KEYS` and other API keys in a secure and encrypted location, such as environment variables or a secure database, to prevent unauthorized access or exposure.
2. **Limit Access**: Grant `KEYS` access only to the required services and personnel who directly manage your integration with CoinbarPay.
   {% endhint %}