API key management
API keys allow you to authenticate with the Hubpay API and integrate payment services directly into your own systems. This guide covers how to create, view, and delete API credentials from your account.
API access is available on request. To enable API integration for your account, reach out to your Hubpay relationship manager. Once API access has been enabled, you will be able to create and manage credentials directly from your account settings.
How API keys work
Each API key consists of two parts:
| Component | Description |
|---|---|
| Client ID | A unique identifier used to authenticate your API requests |
| Client Secret | A secret key paired with the Client ID, used to sign requests |
When you create a new API key, both the Client ID and Client Secret are returned. The Client Secret is only displayed once at the time of creation. It cannot be retrieved afterwards. Store it securely before closing the creation dialog.
Key management actions
| Action | Description |
|---|---|
| Create | Generate a new API key by providing an associated email address |
| View | See a list of all active API keys, including Client ID, email, and creation date |
| Delete | Permanently revoke an API key — it will stop working immediately |
There is no option to regenerate or rotate an existing key. If a key is compromised or needs to be rotated, delete it and create a new one.
Credential limits
Each account can have a maximum of 10 active API credentials. If you reach the limit, you must delete an existing key before creating a new one.
Security best practices
- Store your Client Secret in a secure secrets manager — never commit it to source control
- Use separate API keys for different environments or integrations where possible
- Delete unused keys promptly to reduce your attack surface
- Monitor which keys are active and who created them
Guides by account type
API key management is available to both corporate account holders and partner organisations, with slight differences in access and context.
- Corporate accounts — For business account owners and admins managing their own API integrations
- Partner accounts — For Partner Admins managing API access on behalf of their partner organisation