Secret Key

Secret key is a unique sequence of characters used for executing operations via Yandex.Checkout (for instance, payments and refunds). You need this key for authentication: to let Yandex.Checkout know that this is you who send us requests for payments.

You need to generate the key in your Merchant Profile (API keys in the settings), register it on your side, and transmit it to Yandex.Checkout in requests for payments.

Who needs a secret key

  1. Those who have a website integrated with Yandex.Checkout via API.
  2. Those who use Yandex.Checkout's payment module.

If you implemented Yandex.Checkout via the HTTP protocol, or your CMS operates under Yandex.Checkout's former protocol, you do not need a secret key. You can view the integration method in the store's settings.

Issuing secret key for the first time

Secret key is issued in the process of your onboarding with Yandex.Checkout (or when you connect a new store). If you run several stores, each one will require a separate key.

1. Log in to your Merchant Profile and select the store you need (in the top menu).

1. View SettingsAPI keys, click Issue key in the "Secret key" block.

3. Confirm the issuance of the key with a password: we will send it in a text message to the number linked to Merchant Profile.

Click Send a password.

Enter the password from the text message and click Issue key.

If you do not have a phone number linked to Merchant Profile, we will offer you to do so. Otherwise, you will not be able to issue a key. Enter the number and click Link the phone.

We will send a text message containing the password to this number: enter the password and click Issue key.

The phone number will be linked to your Merchant Profile. We will continue sending passwords for confirming important actions (for example, payments or refunds) to it. You can unlink or change the number at any time under Account management.

4. After that, you will see a window containing your secret key. You need to copy the key and register it on your side.

Important The key is only available in this window: copy it, download it as a file, and save it in a safe place. After the window is closed, we will hide the key, and it will only be available to you.

How to reissue the key

If something goes wrong with the key (for instance, you lost or compromised it), you need issue a new one.

1. Log in to your Merchant Profile and select the store you need (in the top menu).

2. View SettingsAPI keys, and click the arrow icon next to the required key in the "Secret key" block.

3. A window for confirming the reissuance will open. The confirmation password for will be sent in a text message to the phone number linked to Merchant Profile.

Important After the reissuance, the current secret key will still be valid for 48 more hours. During this period, register the new key wherever necessary.

Click Send a password.

Enter the password from the text message in the field and click Reissue the key.

4. Copy the new key and register it on your side. The previous key will stop working after 48 hours.

You can reissue the secret key several times in a row, but only the last one issued will be the active one.

Deleting a secret key

1. Log in to your Merchant Profile and select the store you need (in the top menu).

2. View SettingsAPI keys, and click the basket icon next to the required key in the "Secret key" block.

3. Confirm the deletion of the key with a password: we will send it in a text message to the number linked to Merchant Profile.

Important After the deletion, the current secret key will still be valid for 48 more hours.

Click Send a password.

Enter it in the confirmation field and click Delete the key.

Done, your secret key has been deleted.

Specifying the key for a ready-made module (CMS)

If you use a ready-made Yandex.Checkout payment module, just navigate to module settings and paste the copied key to the Secret key field. For more information about the settings, see module instructions for your CMS.

Important This is only relevant for modules operating under the new Yandex.Checkout API. Some of the modules still operate under the former protocol. They do not require a secret key.

Specifying the key in custom-made systems

If you use a custom payment module, you need to transmit the secret key in the headers of all requests made via Yandex.Checkout API.

You need to place this key in your system's code: this is usually done by technical experts on your site.