Secret Key

Secret key is a unique sequence of characters used for executing operations via Yandex.Checkout (for instance, payments and refunds). You need this key for authentication: to let Yandex.Checkout know that this is you who send us requests for payments.

 

Who needs a secret key

  1. Those who have custom-made sites, and they implemented Yandex.Checkout via API.
  2. Those whose payment module works via the Yandex.Checkout API.

If you implemented Yandex.Checkout via the HTTP protocol, or your CMS operates under Yandex.Checkout's former protocol, you do not need a secret key.

You can generate the key under the store's settings in your Merchant Profile, save it on your side and transmit to Yandex.Checkout in requests for payments.

Issuing secret key for the first time

The key is issued in the course of your onboarding with Yandex.Checkout (or if you sign up a new store).

1. Log in to your Merchant Profile and select the store you need (in the top menu).

2. Navigate to Settings, find the Keys section, and push Issue a key.

3. Copy the key (using a special button or manually) and save it on your side: Yandex.Checkout does not store this information, and you won't be able to copy the key on the next step.

4. Confirm the action with a text message password: this requires a phone number to be linked with your Merchant Profile. If you do not have a phone linked, you will link it in the course of creating the key.

That done, the key becomes activated: you will be able to execute operations with it (for instance, payments and refunds).

How to reissue the key

If something goes wrong with the key (for instance, you lost or compromise it), you can issue a new one.

After reissuing the key you have 48 hours to embed the new key wherever required, before the former key will expire.

You can reissue the key several times in a row, but only the last one issued will be the active one.

1. Log in to your Merchant Profile and select the store you need (in the top menu).

2. Navigate to Settings, then view Keys.

3. Push the Reissue icon near the key.

4. Copy the key (using a special button or manually) and save it on your side: Yandex.Checkout does not store this information, and you won't be able to copy the key on the next step.

5. Confirm the action with a text message password: this requires a phone number to be linked with your Merchant Profile.

That's it! Now you have two secret keys: they both function now, but the former key will expire in 48 hours.

Specifying the key for a ready-made module (CMS)

This instruction is only for modules operating under the new Yandex.Checkout API. Some of the modules still operate under the former protocol. They do not require a secret key.

If you use such module, you only need to pasteinsert the key you copied into the Secret key field.

Specifying the key in custom-made systems

If you created your own payment module under the Yandex.Checkout API, you need to transmit secret key in the headers of all requests.

You need to place this key in your system's code: this is usually done by technical experts on your site.