Skip to main content

Getting Your API Keys

To use the Little Pay API, you'll need to obtain your API credentials from the merchant portal. This guide will walk you through the process of accessing your clientId, clientSecret, and tokenId.

Prerequisites

  • You must have a merchant account with Little Pay
  • You must have access to the merchant portal

Step-by-Step Instructions

1. Access the Merchant Portal

Navigate to https://pay.little.africa and log in to your account.

2. Open Merchants Section

From the main dashboard, click on the Merchants menu item in the left sidebar.

3. Select Your Merchant

Click on the specific merchant account you want to manage. If you have multiple merchants, make sure you're selecting the correct one.

4. Access Merchant Settings

Once you're in the merchant view, click on Merchant Settings from the left sidebar.

5. Navigate to Security

In the Merchant Settings page, look for and click on the Security tab or section.

6. View Your API Credentials

On the API Security page, you'll find your current API credentials:

  • Client ID (clientId)
  • Client Secret (clientSecret)
  • Token ID (tokenId)
  • Secret key (X-API-KEY)

7. Rotate Your Secret Key (Optional)

If you need to generate a new secret key for security reasons:

  1. Click the Rotate Key button
  2. Confirm the action when prompted
  3. Copy the new secret key immediately (it won't be shown again)

Important: Keep your API credentials secure and never share them publicly. If you suspect your credentials have been compromised, rotate your secret key immediately.

Using Your API Credentials

Basic Authentication

Use your clientId and clientSecret for Basic Authentication in API requests:

Authorization: Basic {base64(clientId:clientSecret)}

X-API-KEY Header

Use your secret key as the X-API-KEY header in API requests:

X-API-KEY: your_secret_key_here

Security Best Practices

  • Never commit API keys to version control
  • Use environment variables to store your credentials
  • Rotate your secret key regularly (recommended every 90 days)
  • Monitor your API usage for any suspicious activity
  • Use HTTPS for all API communications

Need Help?

If you encounter any issues accessing your API credentials or have questions about API security, please contact our support team through the merchant portal or reach out to your account manager.