Authentication

banca.me uses two types of API keys for different purposes:

Backend Authentication (Private Key)

The Private Key (also known as Secret Key) is used for backend API authentication. This key has full access to all API endpoints and should be kept secure. Never expose this key in client-side code or public repositories. Make sure you keep them safe! 👮

Security

The Private Key has full access to your account and should be treated as a secret. Never share it or commit it to version control.

The API expects every backend request to be authenticated with the Private Key through the Authorization header:

Authorization: Bearer YOUR_PRIVATE_KEY

Frontend Authentication (Public Key)

The Public Key is used for frontend widget initialization. This key has limited permissions and is safe to use in client-side code. It's used to initialize the Banca.me widget and validate widget tokens.

Usage

The Public Key is safe to use in client-side code and is required for widget initialization.

Example of using the Public Key in widget initialization:

const widget = BancameWidget.create({
  publicKey: "YOUR_PUBLIC_KEY",
  widgetToken: "WIDGET_TOKEN",
  // ... other configuration
});

Key Management

Keep your Private Key secure and only use it in backend services
Use the Public Key for frontend widget initialization
Both keys are required for a complete integration
Keys are environment-specific (development, staging, production)
Contact support to obtain your API keys

Key Storage

Your API keys will be available through 1Password. Make sure to store them securely and rotate them regularly.

Backend Authentication (Private Key)​

Frontend Authentication (Public Key)​

Key Management​

Backend Authentication (Private Key)

Frontend Authentication (Public Key)

Key Management