Secret key is a unique sequence of characters used for executing operations via Yandex.Checkout (for instance, payments and refunds). You need this key for authentication: to let Yandex.Checkout know that this is you who send us requests for payments.
Who needs a secret key
- Those who have custom-made sites, and they implemented Yandex.Checkout via API.
- Those whose payment module works via the Yandex.Checkout API.
If you implemented Yandex.Checkout via the HTTP protocol, or your CMS operates under Yandex.Checkout's former protocol, you do not need a secret key.
You can generate the key under the store's settings in your Merchant Profile, save it on your side and transmit to Yandex.Checkout in requests for payments.
Issuing secret key for the first time
The key is issued in the course of your onboarding with Yandex.Checkout (or if you sign up a new store).
You need to copy and save the key, then activate it with a text message password.
1. Log in to your Merchant Profile and select the store you need (in the top menu).
2. Navigate to Settings, find the Keys section, and click Issue a key.
3. Copy the key (using the special button or manually) and save it independently as Yandex.Checkout does not store keys on its side, and you won't be able to copy the key in the next step.
4. Activate the key with a text message password: this requires a phone number to be linked to your Merchant Profile.
First specify your phone number (if it's not linked yet).
Then confirm the key with the code from the text message.
That done, the key will be activated and you will be able to use it to carry out transactions (for instance, payments and refunds).
How to reissue the key
If something goes wrong with the key (for instance, you lost or compromise it), you can issue a new one.
After reissuing the key you have 48 hours to embed the new key wherever required, before the former key will expire.
You can reissue the key several times in a row, but only the last one issued will be the active one.
1. Log in to your Merchant Profile and select the required store (in the top menu ).
2. Navigate to Settings, then view Keys.
3. Click the Reissue icon near the key.
4. Copy the key (using the special button or manually) and save it independently as Yandex.Checkout does not store keys on its side, and you won't be able to copy the key in the next step.
5. Activate the key with a text message password: this requires a phone number to be linked to your Merchant Profile.
That's it! Now you have two secret keys: they both function now, but the former key will expire in 48 hours.
Specifying the key for a ready-made module (CMS)
This instruction is only for modules operating under the new Yandex.Checkout API. Some of the modules still operate under the former protocol. They do not require a secret key.
If you use such module, you only need to pasteinsert the key you copied into the Secret key field.
Specifying the key in custom-made systems
If you created your own payment module under the Yandex.Checkout API, you need to transmit secret key in the headers of all requests.
You need to place this key in your system's code: this is usually done by technical experts on your site.