Generate API Keys
This guide walks you through the process of generating API keys, which are required to authenticate and interact with Fraudio's API.
Prerequisites
Before generating API keys, an account administrator must be designated. If you do not have admin access, request Fraudio to grant account admin access to your dedicated admin user.
Steps to Generate API Keys
Follow these steps to generate an API key and authenticate with Fraudio's APIs.
Step 1: Access the API Key Management Section
- Log in to the Fraudio portal.
- Navigate to IAM Settings > API Keys.
- Click NEW API KEY.
Step 2: Choose for Whom to Create the API Key
When creating an API key, select the entity for which the key will be used:
- For Myself: The key will be used for your user and tenant. An API key is only permitted to do things that you can do yourself.
- For One of My Tenants: Select this if you manage multiple tenants and need an API key for one of them. This ensures the key is tied to a specific tenant and not the main account. The key is still assigned to your user.
- For Someone Else: Used to create an API key on behalf of another user in your organization. This can be useful if the API key should be managed by a technical team member. Permissions can be selected only if the other user has those permissions, and you are able to grant them.
Step 3: Configure API Key Details
- Key Name: Assign a meaningful name to the API key to track its usage.
- Data Mode: Choose between:
  - Sandbox: For testing transactions in a controlled environment. Recommended when making your first API call, when integrating and when you continue testing new functionality after go-live.
  - Production: For real transactions in a live environment.
- Expiration Settings:
  - Never: The key will not expire.
  - After a specific period: Set a custom expiration time for security purposes. There is no warning on expiry - the key is simply rejected from that point onwards.
Step 4: Select API Key Permissions
Permissions define what the API key can access. The most important permissions at this stage are:
- Score Transaction Events: Allows sending transactions to Fraudio’s fraud score API endpoint. Required for real-time fraud detection.
- Enrich Transaction Events: Allows sending transactions to Fraudio’s payment enrichment API. Required for accessing transaction metadata and insights.
Other permissions may be available based on your organization's setup. Consult with Fraudio support for additional options.
Step 5: Generate and Store the API Key
- Click Generate API Key.
- The API key will be displayed only once—ensure you store it securely.
- Use the key in your API requests as part of the authentication process.
Best Practices for API Key Management
- Separate concerns: Use separate keys for different applications or services.
- Expire temporary keys: If you only need a key short-term for testing or validation, set an expiry date.
- Restrict Permissions: Only grant necessary permissions to minimize exposure.
- Keep it simple: Do not assign more API keys than needed. There is no performance or reliability benefit to using multiple keys for the same purpose; it only increases the risk of exposure.
- Use secure channels: Avoid sharing API keys in plain text over unencrypted channels. Share keys within your organization(s) only with those who actually need to use them.
If your token is lost or you think it has been compromised, please create a new API key with the same settings. Note that the lost or compromised token may still be in use in your systems. Replace it with the new token. When you are sure that the lost or compromised token is no longer used, delete it.
If your token is not working in the way you might expect, please get in touch with your Fraudio contact as soon as possible.
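Because a key is rejected on expiry without warning, it helps to track keys yourself. The Python below is an added example (not Fraudio's code, and it calls no Fraudio API) that audits a locally kept key inventory against the practices above. The record format, key names, services, dates and the 14-day warning window are assumptions; the permission names are the two listed in Step 4.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class KeyRecord:
    """One row of a team-kept inventory (hypothetical format, not a Fraudio export)."""
    name: str
    service: str               # application that uses the key
    data_mode: str             # "sandbox" or "production"
    expires: Optional[date]    # None means the "Never" expiration setting
    temporary: bool            # created for short-term testing or validation
    granted: frozenset         # permissions selected when the key was created
    needed: frozenset          # permissions the service actually uses

def audit(keys, today, warn_days=14):
    """Return sorted (key name, finding) pairs for the inventory."""
    findings = []
    per_purpose = Counter((k.service, k.data_mode) for k in keys)
    for k in keys:
        if k.expires is None:
            if k.temporary:
                findings.append((k.name, "temporary key has no expiry"))
        elif k.expires <= today:
            findings.append((k.name, "expired, requests will be rejected"))
        elif (k.expires - today).days <= warn_days:
            findings.append((k.name, f"expires in {(k.expires - today).days} days"))
        extra = k.granted - k.needed
        if extra:
            findings.append((k.name, "unneeded permissions: " + ", ".join(sorted(extra))))
        if per_purpose[(k.service, k.data_mode)] > 1:
            findings.append((k.name, "duplicate key for same service and data mode"))
    return sorted(findings)

# Constructed sample inventory: key names, services and dates are made up.
SCORE, ENRICH = "Score Transaction Events", "Enrich Transaction Events"
TODAY = date(2025, 3, 1)
SAMPLE = [
    KeyRecord("checkout-prod", "checkout", "production", date(2025, 3, 10), False,
              frozenset({SCORE, ENRICH}), frozenset({SCORE})),
    KeyRecord("qa-trial", "qa", "sandbox", None, True,
              frozenset({SCORE}), frozenset({SCORE})),
    KeyRecord("qa-old", "qa", "sandbox", date(2025, 2, 1), False,
              frozenset({SCORE}), frozenset({SCORE})),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, TODAY):
        print(f"{name}: {finding}")
```

Run it on a schedule with the real date so that a key nearing expiry is replaced before requests start failing.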