To communicate with Adyen’s APIs, your integration requires a set of credentials. These credentials are provisioned and managed as part of your Valpay setup.
How You Receive Credentials
Valpay will provide your credentials securely:
First for the test environment
Later for the live (production) environment
These will typically include:
API Key → used for authenticating server-side requests
Client Key → used for frontend integrations (Drop-in / Components)
Merchant Account → identifies your account in Adyen
Secure Storage is Critical
You are responsible for storing credentials securely:
Never expose API keys in frontend code
Store them in a secure backend environment (e.g., environment variables, secret manager)
Do not commit them to source control (Git, etc.)
Do Not Regenerate Credentials
Avoid regenerating API keys.
Regenerating keys:
Invalidates existing integrations
Can cause unexpected downtime or failures
Requires coordinated updates across your and our systems
If you believe a key is compromised, contact Valpay before taking action.
Environment Separation
Credentials are environment-specific:
Test credentials → only work in Adyen’s test environment
Live credentials → only work in production
Make sure your application:
Clearly separates environments
Never mixes test and live credentials
Access Control & Permissions
API credentials are configured with specific permissions.
If you encounter errors such as:
Unauthorized requests
Missing capabilities
This may indicate missing roles or permissions. In that case, contact Valpay for assistance rather than attempting to modify credentials directly.
Key Takeaway
Treat your API credentials as sensitive secrets. Store them securely, avoid unnecessary regeneration, and ensure you are using the correct credentials for each environment to maintain a stable integration.