Yera Connect

Yera Connect

Help Center

API keys

Create and manage public and secret keys for integrations.

API keys connect merchant tools to Yera Connect.

They allow WooCommerce, hosted checkout, payment links, and custom backend integrations to create checkout sessions and communicate securely with Yera Connect.

Key types

  1. Public key - identifies the merchant or integration. This can be used by client-facing flows when required.
  2. Secret key - authenticates secure server-side requests. This must stay private.

Never expose secret keys on the storefront, in browser JavaScript, or in public repositories.

Sandbox keys and live keys

Use sandbox keys for testing. Sandbox keys help merchants test checkout without real production payment risk.

Use live keys only after:

  1. Company profile is complete.
  2. Account is approved for live use.
  3. Wallet is verified.
  4. Settlement asset is selected.
  5. Webhooks have been tested.
  6. A sandbox checkout has worked from start to finish.

Keep sandbox and live keys separate. Do not paste live keys into a staging website unless you intentionally want that environment to create live checkout sessions.

Use clear names:

  1. WooCommerce sandbox
  2. WooCommerce live
  3. Payment links API
  4. Hosted checkout API
  5. Backend integration

Good key names make support and rotation easier. If a key is compromised, the merchant can identify which integration is affected.

WooCommerce keys

For WooCommerce, merchants normally add both:

  1. Yera Connect public key
  2. Yera Connect secret key

The plugin uses the keys to create checkout sessions and verify the store connection.

The secret key should only be stored inside WordPress admin plugin settings. It must not be printed on the storefront or included in JavaScript.

Custom API keys

For custom integrations, the backend should send requests to Yera Connect using the secret key.

Common custom integration use cases:

  1. Create hosted checkout sessions from a backend.
  2. Attach order metadata to a checkout session.
  3. Track payment session status.
  4. Receive webhook events in the merchant system.
  5. Reconcile Yera transactions with internal order records.

When to rotate a key

Rotate keys when a secret is shared with the wrong person, committed to code, exposed in logs, or used by an old integration that is no longer trusted.

Safe key handling

Merchants should:

  1. Copy keys only from the Yera Connect dashboard.
  2. Store secret keys in server-side settings only.
  3. Limit access to administrators.
  4. Rotate keys if staff access changes.
  5. Delete old keys that are no longer used.
  6. Avoid sharing keys over chat or email when possible.

We use cookies

Yera Connect uses cookies to keep the website secure, remember preferences, and improve the merchant experience. By selecting Accept, you agree to our Cookie Policy.