Return to Orbital Homepage
Guides & Knowledge Base
Login to the Client Portal
Start typing to search…

How to Create API Keys

API keys are the credentials your systems use to authenticate requests to the Orbital Pay-ins and Pay-outs APIs. Each organization can have up to five active keys at a time, giving you flexibility to separate environments (such as test, staging, and production) or assign different keys to specific services.

Creating an API Key

  • In the left-hand menu, select Ecommerce > Configurations > API Keys.
  • Click on Create API Key.
  • This open a modal for you to Choose the API Type you need.

Option A: Pay-ins Only

The Pay-ins Only option creates an API key that can be used exclusively to receive funds. It is considered a lower-risk key type because it does not require approval from other users or any IP whitelisting. This makes it especially useful for test environments, frontend integrations, or other read-only use cases.

Steps:

  • Enter a name your key
  • Click Proceed to create your API key. The system will generate your API key.
❗️

The created API key will only be displayed once. Copy and store it securely as exposing it could allow unauthorized access.

Option B: Pay-ins and Pay-outs

The Pay-ins and Pay-outs option creates an API key that can both receive deposits and initiate withdrawals. Since this key type grants permission to move funds out of your account, it carries a higher level of risk and therefore comes with stricter security requirements.

You should choose this option if your integration needs to manage the full payment cycle. To protect your account, your IP address must be whitelisted and the API request must approve the request before the key can be activated.

Steps

  • Enter a name for your key and click Proceed.
  • Scroll through the list of existing whitelisted IPs to see if your IP address is already registered. If not, click + Add another IP address, enter your server IP, and click Proceed.
  • Your API key will be created and automatically sent for approval.
  • You can monitor the approval status of your API key in the in the API Approval tab, where you can see if your request is pending, accepted, or rejected.
  • Once approved, copy and store your API key securely.
❗️

Keys with Pay-outs access should only be stored in secure backend systems and never exposed in frontend applications

Once your keys are created and stored securely, you can immediately start using them to authenticate requests to the Pay-ins and Pay-outs APIs.

Updated about 16 hours ago