# Credentials

These information are very sensitive and will be provided to you in an encrypted form.

If you have not yet received your credentials or need help obtaining them, please contact your Treezor Account Manager.

Information – Credentials are environment-specific

This means that you have a set of credentials for each environment, they cannot be used with one another.

In this article, we will explore how each credentials are used.

# API authentication credentials

There are composed of a client_id integer and a client_secret string.

These credentials are used to initiate an OAuth 2.0 authentication process, then allowing you to send JWT-enabled request to the Treezor Connect API.

Security – Keep your credentials safe

Your client_id and client_secret are confidential and sensitive, you must store them in a secure location. It is strictly forbidden to:

Hard-code these credentials (as a constant, etc.)
Commit these credentials in a version control system (i.e., in a configuration file)
Store, display or use those on the client side (in your mobile app, front end, etc.)

If these credentials were to be compromised and a revokation was to occur, you would not be able to contact the API at all, until new credentials are provided to you (within 24 hours).

Best practice – Safe storage recommendations

Use a secureString type in AWS SSM services (opens new window) (or any robust Vault system)
Inject them in your application environment variables at the deployment phase.

# Dashboard credentials

Those are composed of dashboard_client_id integer and dashboard_client_secret string.

They are used to log into the Treezor Web Dashboard and cannot be used with the Treezor Connect API itself.

# HiPay credentials

Receiving money or payments from Cards is done via HiPay (a third party).

If your contract with Treezor allows for such a feature, you will receive two pairs of HiPay credentials.

They are used with an Auth Basic authentication method (opens new window) at HiPay's.

# HiPay's Private credentials

Those are composed of hipay_private_user and hipay_private_password, they are use to tokenize Cards.

# HiPay's Public credentials

Those are composed of hipay_public_user and hipay_public_password, they are used to actually request a Payment.

# Webhooks

To check the integrity of the webhooks, Treezor provided you with a webhook_secret string.

That secret is used as a salt (opens new window) to hash the payload of each event.

Security – Keep your secret string safe

If a third-party was to access this secret string, they could send you fake events and your application would trust them.

# Other variables

Note – These are not credentials

These variables can be stored with less stringent measures (you can safely store them in configuration files and environment files).

# Tarif ID

tarif_id is a integer that corresponds to the contract pricing (fees) concluded between Treezor and you. You have one Tarif ID per environment.

Depending on your API version, the tarif_id might be set API-wide, or may have to be passed along when creating each Wallet.

# Card Print ID

card_print_id is an integer that corresponds to a Credit Card design (the design printed on a credit card).

You may have multiple Card designs and need to keep track of their IDs.

# MID (Merchant ID)

If your contract with Treezor allows for such a feature, you will receive your Merchant ID.

← Environments Authentication →