Secret Key
Secret key is a unique sequence of characters used for executing operations via YooMoney (for instance, payments and refunds). You need this key for authentication: to let YooMoney know that this is you who send us requests for payments.
You need to generate the key in your Merchant Profile (API keys in the settings), egister it on your side, and transmit it to YooMoney in requests for payments.
Who needs a secret key
- Those who have a website integrated with YooMoney via API
- Those who use YooMoney's payment module
If you implemented YooMoney via the HTTP protocol, or your CMS operates under YooMoney's former protocol, you do not need a secret key. You can view the integration method in the store's settings
Issuing secret key for the first time
Secret key is issued in the process of your onboarding with YooMoney (or when you connect a new store). If you run several stores, each one will require a separate key.
- Log in to your Merchant Profile and select the store you need (in the top menu).
- View Settings — API keys, click Issue key in the "Secret key" block.
- Confirm the issuance of the key with a password: we will send it in a text message to the number linked to Merchant Profile.Click Send a password.Enter the password from the text message and click Issue key.
- After that, you will see a window containing your secret key. You need to copy the key and register it on your side.Important The key is only available in this window: copy it, download it as a file, and save it in a safe place. After the window is closed, we will hide the key, and it will only be available to you.
How to reissue the key
If something goes wrong with the key (for instance, you lost or compromised it), you need issue a new one.
- Log in to your Merchant Profile and select the store you need (in the top menu).
- View Settings — API keys, and click the arrow icon next to the required key in the "Secret key" block.
- A window for confirming the reissuance will open. The confirmation password for will be sent in a text message to the phone number linked to Merchant Profile.Important After the reissuance, the current secret key will still be valid for 48 more hours. During this period, register the new key wherever necessary.Click Send a password.Enter the password from the text message in the field and click Reissue the key.
- Copy the new key and register it on your side. The previous key will stop working after 48 hours.
You can reissue the secret key several times in a row, but only the last one issued will be the active one.
Deleting a secret key
- Log in to your Merchant Profile and select the store you need (in the top menu).
- View Settings — API keys, and click the basket icon next to the required key in the "Secret key" block.
- Confirm the deletion of the key with a password: we will send it in a text message to the number linked to Merchant Profile.Important After the deletion, the current secret key will still be valid for 48 more hours.Click Send a password.Enter it in the confirmation field and click Delete the key.Done, your secret key has been deleted.
Specifying the key for a ready-made module (CMS)
If you use a ready-made YooMoney payment module, just navigate to module settings and paste the copied key to the Secret key field. For more information about the settings, see module instructions for your CMS.
Important This is only relevant for modules operating under the new YooMoney API. Some of the modules still operate under the former protocol. They do not require a secret key.
Specifying the key in custom-made systems
If you use a custom payment module, you need to transmit the secret key in the headers of all requests made via YooMoney API.
You need to place this key in your system's code: this is usually done by technical experts on your site.