At Signhost, we use different keys to keep your data transfer secure and reliable. Below, we explain the three main keys that you can create in the Signhost web portal.
APP key
Every organization using the API has its own APP key. In every HTTP request to the Signhost servers, you include a header with this APP key. This way, we know exactly which application is making the request. You can easily create this APP key on the 'Developer' page in the web portal.
Read this FAQ article for more details on creating an APP key.
API key (user token)
In addition to the APP key, each user needs a unique API key. In the Signhost web portal, we also call this the 'user token.' This key is unique per user and ensures that transactions are created and managed under the correct Signhost user.
You can generate a user token at the bottom of the "Settings" page in the web portal. Read this FAQ article for help with generating an API key/user token.
Shared secret (for postbacks)
When you send a transaction via Signhost, you can receive postbacks with status updates from the Signhost server. This is useful if your application wants to automatically track the status of transactions.
When you register a postback URL in the web portal, a 'shared secret' is automatically generated. You can use this for checksum validation, an extra layer of security for the postbacks.
For instructions on registering a postback URL, read this FAQ article.