LogoLogo
System status
Commerce API references
Commerce API references
  • Commerce API references
  • Warnings and error codes
    • Errors
    • Error codes
      • HTTP response status codes
      • Error format for Shopper APIs
      • Error codes for Shopper APIs
        • 400 Bad Request
        • 401 Unauthorized
        • 403 Forbidden
        • 404 Not Found
        • 405 Method Not Allowed
        • 409 Conflict
        • 412 Precondition Failed
        • 413 Payload Too Large
        • 500 Internal Server Error
      • Error format for Admin APIs
        • Async error objects
        • Sync error objects
        • Deployment objects
        • Warning objects
      • Error codes for Admin APIs
        • Error patterns
        • Supported image types
        • Asynchronous response error codes
        • Deployment error codes
        • Synchronous response error codes
  • Commerce API reference guide
    • API structure
      • API keys
      • Supported OAuth and Commerce API formats
      • Mini cart widget
      • Custom attributes
      • Fields used as keys
      • Fields and expand query parameters
      • Caching responses
      • CORS support
      • JSONP support
      • Transport
      • Service profiles
      • Supported protocols and formats
      • Elements
      • Rate limiting
      • Locale and currency
      • Exchange rate
      • Product identifier
      • Product external reference identifier (ERID)
      • Customer external reference identifier ERID
      • Cancel request process
      • Failover and redundancy
      • Troubleshooting API calls
    • Shopper APIs reference
      • Carts
        • Offers
          • Offer types
          • POP offers
          • Applied offers
          • Eligible offers
      • Orders
      • Returns
      • Links
    • Admin APIs reference
      • Subscriptions
      • Sites
      • Products
      • Live changes
      • Authorized shipping and billing countries
      • Merchandising
      • Disclosures
    • Glossary
Powered by GitBook
On this page
  • Public keys
  • Confidential keys
  • Service profiles
  1. Commerce API reference guide
  2. API structure

API keys

Understand how to use your API keys.

PreviousAPI structureNextSupported OAuth and Commerce API formats

Last updated 5 months ago

Digital River uses your account's API keys to authenticate your API requests. Contact your Account Manager to obtain your API keys.

Your account provides separate keys for testing and for running live transactions. You can use these keys when sending API requests in either test or live mode. Resources in one mode cannot change resources in another mode. See for additional information on when to use a shopper token and /auth.

Digital River returns an error if you do not include your key when you send an API request or use an incorrect or outdated key.

Rotating API keys is a widely accepted best practice recommended by security experts. It makes tracking usage and detecting suspicious activity easier. By rotating your API keys regularly, you can ensure the security and protection of your sensitive information and resources. For assistance rotating your API keys, contact your Customer Success Manager.

Public keys

The public API keys identify your account with Digital River and allow you to create sources.

Confidential keys

The confidential (secret) API keys allow you to send an API request to Digital River without restriction. Keep these keys confidential and only store them on your servers. Don't use your confidential key for everything.

Service profiles

The service profile determines how you can use your API keys. The Commerce API supports the following service profile levels:

  • Level 1–You can only use the API keys in an implementation/evaluation phase (test orders only). This profile creates carts as test orders.

  • Level 2–You can use the API keys in production (for test and live orders).

  • Level 3–You can use the API keys in production (for test and live orders). These API keys can create payment options and apply payment methods to a cart. A client can provide credit card details in Commerce API requests.

Sending API calls