# Authentication

Browpay API works in two modes. Live Mode and Sandbox Mode

* The **Live mode** keys are retrieved from the main dashboard at <https://dashboard.browpay.com> and the Live mode API endpoint is at <https://api.browpay.com/v1/>&#x20;
  * In the Live mode there are real payments, real effects and data. Only switch to live api endpoint after you have reviewed your test integrations thoroughly.
* The **Sandbox Mode** keys are retrieved from the sandbox dashboard environment at <https://sandbox.browpay.com> and the Sandbox mode API endpoint is at [https://s-api.browpay.com/v1/](https://s-api.browpay.com)
  * In the Sandbox mode you have mock transactions, test payments and test transactions. Here is where you get the liberty to test and run your demo integrations just as it would respond in real transactions, but in sandbox no real money is processed.&#x20;

    **Also Note:** that we are bound to erase sandbox data after a year; which means you only get a year data interval for every tests you make.&#x20;

Sign up at <https://sandbox.browpay.com> to switch to sandbox mode and retrieve your test keys.

### API KEYS

* **Secret Key:** Your secret key authorizes your API requests. It is required to authenticate your API calls. Y**ou are expected to protect your secret keys from the public** and do not expose it in your frontend.
* **Public Key:** Your public key is primarily used to decrypt the webhook payloads we send to you. Further updates on public key utilization will be published in due time.
* **Encryption Key:** The encryption also works as a pair to the public key in decrypting the webhook payloads we send to you. We are working hard to ensure the security of your data while you consume our endpoints.

To retrieve your keys, navigate to **API Keys** in your  dashboard menu and copy your keys.

<figure><img src="https://3447090286-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyBd6Cxdk3zaYhL3xhS5a%2Fuploads%2FgfyFYMzmKXwAUS3boEIH%2Fimage.png?alt=media&#x26;token=68600383-5161-40a5-bf26-0586773cf906" alt=""><figcaption><p>Browpay API Keys page</p></figcaption></figure>

{% hint style="warning" %}
**IMPORTANT**

If you suspect that your keys have been exposed or compromised, navigate to **API KEYS** in your dashboard menu and generate new keys to deactivate the previously exposed ones for your safety.
{% endhint %}

A sample secret key authorization would look like this:

{% tabs %}
{% tab title="Node JS" %}

```javascript
const axios = require('axios');

const apiUrl = 'browpay-api-endpoint';
const token = 'Your-secret-key';

axios.get(apiUrl, {
  headers: {
    'Authorization': `Bearer ${token}`
  }
})
  .then(response => {
    console.log(response.data);
  })
  .catch(error => {
    console.error(error);
  });
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

api_url = 'browpay-api-endpoint'
token = 'your-secret-key'

headers = {
    'Authorization': f'Bearer {token}'
}

response = requests.get(api_url, headers=headers)

print(response.json())
```

{% endtab %}

{% tab title="PHP" %}

```php
$options = [
    'http' => [
        'header' => "Authorization: Bearer 'your-secret-key'",
    ],
];

$context = stream_context_create($options);
$response = file_get_contents('browpay-api-endpoint', false, $context);

echo $response;
```

{% endtab %}
{% endtabs %}