Hey! How can I assure that the pair of public and secret api keys correspond to each other. I need to use both of them for payment capturing flow. There seems to be no way to check if they are related to same merchant.
Hello @Andrii,
Great question!
At the moment, there is no API endpoint that explicitly validates whether a Public API Key and Secret API Key belong to the same merchant account.
Note that when API keys are generated in Maya Manager, the full (raw) values are only shown once. After you leave or refresh the page, the keys will be masked and no longer viewable in clear text.
To ensure that your keys are correctly paired, we recommend the following best practices:
- Securely store and note which Public and Secret keys belong together at the time of creation.
- Avoid mixing keys across environments. Pair only: Sandbox Public + Sandbox Secret keys, or Production Public + Production Secret keys. Mixing environments will result in capture or payment retrieval failures.
- If you’re unsure whether two keys belong together (for example, if the original pairing wasn’t recorded), the safest approach is to regenerate a new key pair and use that consistently.
If you encounter errors during the capture step (e.g., authorization or merchant mismatch errors) or when retrieving payment details via the GET payment endpoint using the payment ID or RRN, that’s often a sign that the keys are not from the same merchant or environment.