There are 2 API environments:

1)      The test/sandbox environment (

2)      The production environment (


Once your initial testing has been completed in the test/sandbox environment, and you are ready for production, you should progress to the certification process (see link). Once certification has been achieved you will progress to production. Within each environment you will need:

i.                 A Merchant ID (MID)

ii.                A secret key (one per MID)

iii.               A subscription key (which should be passed in a http header called ‘Connect-Direct-Subscription-Key’)

The values for these items will differ between test/sandbox and production.

It is critical that your integration NEVER allows these values to be exposed to 3rd parties. In particular they must never be sent to web browsers or other uncontrolled device/application. The corollary of this is that all calls to the API originating from user interaction with web browsers/ uncontrolled devices must come from a “back end” system.