Generate keys

Prerequisites

To generate keys, you must have:

Overview

  1. Sign in to the Qredo Web App and generate API keys for API user authentication.
  2. Generate RSA API signing keys to authorize and sign API requests.
  3. In the Qredo Web App, add the public RSA key you created.

Danger

You must never use API keys in the frontend of your application, or malicious users could discover them in your source code. Use them only on your server. You must also never embed API keys in your backend code, as this increases the risk of discovery.

API keys for authentication

The Qredo API keys are Base64-encoded and are used for API user access. There are two types of Qredo authentication API keys:

  • Production keys: use these for live action with the Partner API.
  • Sandbox keys: use these to test your integration with the Partner API.

Sandbox vs. Production keys

Sandbox and production keys are used in the same environment. There is no difference regarding their use with the API: the base URL and all endpoints are the same.

Generate API keys in Qredo Web App

  1. Sign in to the Qredo Web App.

  2. In the top right corner, click on your name, select the Account type you need, and click Settings.

    Further support

    Switching accounts is described in greater detail here.

  3. From the tabs, select Partner API to display the following screen:

    [Screenshot: partnerapi]

  4. Click Generate API Key.

  5. Click Copy to clipboard. This copies the Base64-encoded authentication key for the environment to your clipboard.

  6. Paste the key into a text file and save it as apikey (no file extension). You will use this file with the Partner API Signing Client.

Regenerate keys if needed

If you lose or forget to copy the API key, complete the procedure again to regenerate the API key.

Keep your keys safe!

  • DO NOT share your keys with unauthorized parties.
  • DO NOT store your keys in easily accessible or easily compromised locations.

RSA keys for signing

The API requires RSA key pairs for authorizing and signing requests.

  • The Qredo server verifies the signature against the public RSA API key.
  • The private RSA API key signs the requests.

Generate RSA keys using the CLI

The following example uses the CLI (Command Line Interface) for generating the RSA key pair, but you can use any preferred tool to perform this task. The Qredo Partner API works with 2048-bit RSA keys.

  1. Generate a 2048-bit RSA key pair and store the private key in a file named private.pem using the CLI command:

    openssl genrsa -out private.pem 2048
    

    You should see the following message:

    Generating RSA private key, 2048-bit long modulus...
    

    Tip

    Some versions of OpenSSL may require an additional argument. For OpenSSL 3.0.7 (20021101), also pass -traditional:

    openssl genrsa -traditional -out private.pem 2048

  2. Extract the public key from the key pair and store it in a file named public.pem using the command:

    openssl rsa -in private.pem -outform PEM -pubout -out public.pem
    

    You should see the following message:

    writing RSA key
    

The key pair files private.pem and public.pem are created in the current working folder.
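
The two commands above, wrapped in an added example (not part of Qredo's tooling) that creates the files under a restrictive umask and then checks the pair before the public key is uploaded: file permissions, RSA consistency, the 2048-bit size, and that public.pem belongs to private.pem. The function names `owner_only`, `gen_keypair` and `check_keypair` and the directory argument are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: function names and the directory argument are hypothetical.

# Succeeds only when group and other have no permission bits on the file.
owner_only() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Create private.pem and public.pem in directory $1 with the page's commands,
# under umask 077 so private.pem is never readable by other local users.
gen_keypair() {
    (
        umask 077
        cd "$1" || exit 1
        openssl genrsa -out private.pem 2048 2>/dev/null || exit 1
        openssl rsa -in private.pem -outform PEM -pubout -out public.pem 2>/dev/null
    )
}

# Check the pair in directory $1 before pasting public.pem into the Web App.
# Prints one line per failed check and returns non-zero if any check failed.
check_keypair() {
    priv="$1/private.pem"; pub="$1/public.pem"; rc=0
    owner_only "$priv" \
        || { echo "private.pem: missing or readable by group/other"; rc=1; }
    openssl rsa -in "$priv" -check -noout 2>/dev/null | grep -q "RSA key ok" \
        || { echo "private.pem: failed RSA consistency check"; rc=1; }
    openssl rsa -in "$priv" -noout -text 2>/dev/null | grep -q "(2048 bit" \
        || { echo "private.pem: not a 2048-bit key"; rc=1; }
    # The public key must carry the same modulus as the private key.
    m_priv=$(openssl rsa -in "$priv" -noout -modulus 2>/dev/null) || m_priv=""
    m_pub=$(openssl rsa -pubin -in "$pub" -noout -modulus 2>/dev/null) || m_pub=""
    [ -n "$m_priv" ] && [ "$m_priv" = "$m_pub" ] \
        || { echo "public.pem: does not match private.pem"; rc=1; }
    return "$rc"
}
```

The same `owner_only` check applies to the apikey file saved earlier, since it is also a secret stored on disk.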

Upload public RSA key to Qredo Web App

You need to associate the RSA key pair with your Qredo account by adding your public RSA key using the Qredo Web App.

To complete this procedure, return to the Partner API page in the Web App:

  1. Sign in to the Qredo Web App.

  2. In the top right corner, click on your name and open Settings for the required account.

  3. Select Upload Public Key to open a dialog box.

  4. Locate the public.pem RSA key file you created earlier and open it using a text editor.

  5. Copy the entire contents and paste them into the dialog box.

  6. Click Upload.

  7. Success: a green LIVE indicator appears.

    Note: more recent versions of the Web App support just one key type. Use the key in the Production and/or Sandbox environments according to your needs.

Next, understand how to authenticate and authorize API calls.


Last update: 2022-12-21