API referenceiFrame V1ExpressSupportBlog
Guides

The Spreedly app

Read more about setting up your payment environments and reviewing transaction performance in the Spreedly application.

Suggest Edits

Once you have registered for a Spreedly account, you can sign on to the application in order to set up your API credentials. This places you in the context of a payment environment. All new organizations also have an initial environment created, titled 'New Environment'. Set up the environment with a unique name, then create and store API credentials.

Environment key

An environment in Spreedly organizes your payment data. To get started, log in and click the environment name in the top-left. Select "Environment settings" to view information on that environment, or select "Create new environment" to set up another. We suggest giving each environment a unique name. Your new environment will be created with its environment key automatically generated.

The environment key will be used as part of your API credentials. You can execute API calls across different environments by using the relevant environment key to identify it. Environment access is controlled via RBAC from the user menu.

The environment menu includes key details including access secrets and signing secrets.

Access secrets

Access secrets authorize API calls made to an environment, making up the other half of your API credentials along with the environment key. Environment access secrets work only on a single environment. Spreedly recommends using separate environments to isolate production connections and data from non-production connections and data. Test and QA environments should not share credentials with production level environments.

Access secrets can be created and deleted from the Access secrets area of the Environment menu. They should be created on a per-application basis and should be named accordingly.

Unlike environment keys, access secrets are just that: secret. Access secrets are considered private and secure. Do not share them or expose them to insecure channels - even in emails to the Spreedly team. An access secret, in combination with an environment key, grants full access to the Spreedly API. If you or another user in your organization share an access secret insecurely, we advise that you revoke the secret as soon as possible and generate a new one. We recommend deleting and creating new access secrets for each production environment at least every 90 days as best-practice.

Updated 2 months ago