BankPay provides an API for server-to-server communication and an SDK that presents interfaces with which consumers directly interact.
Your integration will be provided two keys, a publishable key for SDK calls and a secret key for server-to-server API calls.
Publishable keys are the only authentication method provided for SDK calls. You include your unique publishable key each time you make an SDK call. Refer to the specific SDK documentation iOS or Android for more information and how to include this value.
Secret keys are used only in server-to-server API calls. Secret keys must never be included in an app or shared in any way. If a secret key is compromised in this way, you must report that immediately so that a new secret key can be issued.
All server-to-server API calls must be made over HTTPS authenticated with your secret key.