Key Exchange Server API | Splitit Developers

📄️ Introduction

Splitit's Key Exchange Server allows you to both create and store encryption keys in order to enable secure communication with Splitit. You can use keys to download encrypted reports or credentials from Splitit, to verify the authenticity of Splitit communications, to send encrypted communications to Splitit, or to have Splitit verify the authenticity of your communications.

📄️ Get Splitit Token

Authenticate using your *client_id* and *client_secret* from your [merchant portal](https://merchant.sandbox.splitit.com) (Splitit support will also have to enable key server access for you).

📄️ Fetch a Key

This endpoint retrieves general information for a specific key, including the associated public key.

📄️ Delete a Key

Using this endpoint sets the key expiration to the current date and time, effectively disabling the key for further use. Note that this call does not return a 200 message but if you [fetch](/api/keys/fetch-a-key) your key again, you will see the new expiration date.

📄️ List All Keys

This endpoint is accessed with your owner name, and returns a list of keys along with non-sensitive information.

📄️ Rotate Public Key

Use this endpoint to change your public key that is stored by Splitit (you should never share a private key with Splitit). In this scenario, Splitit uses your public key to encrypt data sent to you, to verify that communication that came from you is actually from you.

📄️ Generate Key Pair

Generate a dedicated Splitit key pair that you can use to PGP-encrypt traffic sent to Splitit or to verify that a message coming from Splitit is authentic (RSA). In the first scenario, Splitit securely holds the private key half of the pair and you encrypt your outgoing traffic with the public key half. In the second scenario, you use your public key half to verify that Splitit's communication originated at Splitit (Splitit signs with their private key half).

📄️ Set Key Expiration

Set the expiry for a key in UTC format. Note that this call does not return a 200 message but if you [fetch](/api/keys/fetch-a-key) your key again, you will see the new expiration date.

🗃️ Encryption and Signature Authentication

6 items