[iyzico] Whether an «API Key» value should be secret or not?

dmitry_fedyuk · February 4, 2017, 3:31pm

An «API Key» value can be public, because it is used only in conjunction with the secret «Secret Key» value:

iyzico/iyzipay-php/blob/v2.0.25/src/Iyzipay/IyzipayResource.php#L29-L33


protected static function prepareAuthorizationString(Request $request, Options $options, $rnd)
{
    $hash = HashGenerator::generateHash($options->getApiKey(), $options->getSecretKey(), $rnd, $request);
    return vsprintf("IYZWS %s:%s", array($options->getApiKey(), $hash));
}

It is impossible to do anything with the iyzico API using only an «API Key» value without the corresponding «Secret Key» value.
iyzico API employs public-key cryptography, where an «API Key» is a public key, and the corresponding «Secret Key» is the private key.