Overview
LocalPayment uses API credentials to authenticate requests from your systems. This article explains the types of credentials available, where to generate them, and best practices for managing them securely.
Types of Credentials
1. API Key (General Authentication)
The main API key is used for authenticating all standard API calls — pay-ins, pay-outs, webhooks, and reporting.
- Generated from the LocalPayment dashboard
- Should be treated as a secret and never exposed in client-side code
- Used as a Bearer token or in the Authorization header, depending on the endpoint
2. Smart Fields Keys (Tokenization)
Smart Fields is LocalPayment's secure card tokenization solution. It uses a separate set of credentials specifically for rendering the card capture UI and tokenizing card data.
- Public Key — Used in the front-end/browser to initialize Smart Fields. Safe to expose in client-side code.
- Secret Key — Used server-side to complete payment with the token. Must be kept secret.
Where to Generate Credentials
- Log in to your dashboard at ui.v3.localpayment.com
- Navigate to Settings → API Keys (or Developers → API Keys)
- Generate a new key for the appropriate environment (Sandbox or Production)
- Copy the key immediately — it may not be shown again after creation
Sandbox vs. Production
- Sandbox keys — For testing only; no real money moves
- Production keys — Live environment; all transactions are real
- Keep sandbox and production credentials separate in your environment configuration
Key Rotation & Security Best Practices
- Rotate API keys periodically or immediately if you suspect a key has been compromised
- Store keys in environment variables or a secrets manager — never hardcode them
- Restrict API key access to only the IP addresses or services that need them
- Monitor for unusual API activity in your dashboard
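One way to apply the storage and sandbox/production separation advice above on the server side, as an added example that is not LocalPayment's own code: credentials are read from environment variables, loading fails if any is missing or if a secret is shared between environments, and only the Smart Fields public key can reach the browser. The variable names (LP_ENV, LP_SANDBOX_*, LP_PRODUCTION_*), the publicKey field name and the sample values in use are assumptions made for illustration.

```python
import os
from dataclasses import dataclass, field


class CredentialError(RuntimeError):
    """Raised when configuration is missing or mixes environments."""


@dataclass(frozen=True)
class Credentials:
    environment: str
    api_key: str = field(repr=False)        # kept out of repr() and log lines
    sf_public_key: str                      # Smart Fields public key
    sf_secret_key: str = field(repr=False)  # Smart Fields secret key

    def auth_header(self):
        # Bearer form; the article notes the exact scheme depends on the endpoint.
        return {"Authorization": f"Bearer {self.api_key}"}

    def client_config(self):
        # The only values allowed to reach the browser: neither secret is here.
        # "publicKey" is a hypothetical field name.
        return {"environment": self.environment, "publicKey": self.sf_public_key}


def load_credentials(env=None):
    """Load one environment's keys from hypothetical LP_* variables."""
    env = os.environ if env is None else env
    name = env.get("LP_ENV", "sandbox").strip().lower()  # unset -> sandbox
    if name not in ("sandbox", "production"):
        raise CredentialError(f"LP_ENV must be sandbox or production, got {name!r}")
    prefix = f"LP_{name.upper()}_"
    found = {}
    for suffix in ("API_KEY", "SF_PUBLIC_KEY", "SF_SECRET_KEY"):
        found[suffix] = env.get(prefix + suffix, "").strip()
        if not found[suffix]:
            raise CredentialError(f"{prefix}{suffix} is not set")  # fail closed
    # Refuse to start if a secret is reused across sandbox and production.
    other = "PRODUCTION" if name == "sandbox" else "SANDBOX"
    for suffix in ("API_KEY", "SF_SECRET_KEY"):
        if found[suffix] == env.get(f"LP_{other}_{suffix}", "").strip():
            raise CredentialError(f"{suffix} is identical in sandbox and production")
    return Credentials(name, found["API_KEY"], found["SF_PUBLIC_KEY"],
                       found["SF_SECRET_KEY"])
```

Call load_credentials() once at startup so a misconfigured deployment stops before it serves any request.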
Need Help?
If you are unable to generate or access your credentials, contact support@localpayment.com.