Obtain your credentials
To integrate ZYKAY, you need a Partner ID and a Partner Secret.
Self-service registration
- Visit partners.zykay.com/register (opens in a new tab)
- Fill out the form (email, company name, website)
- Check your email via the magic link
- Retrieve your credentials on the onboarding page
What you will receive
Immediately after registration:
| Identifier | Format | Example |
|---|---|---|
| Partner ID | pk_live_ + 32 hex characters | pk_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4 |
| Partner Secret | Base64-encoded (32 raw bytes) | dJDEXhf397yTxR4aa8lzML9LvHDUL9bN... |
⚠️
The Partner Secret is base64 encoded. You must decode it into raw bytes before using it as an HMAC key. See the signature documentation for details.
Safety instructions
🚫
Keep your Partner Secret secure!
- Store it in environment variables or secrets manager
- Never commit it to version control
- Never expose it in client-side code
- Run it immediately if compromised
Environment setup
Local development
# .env.local (ajoutez à .gitignore !)
ZYKAY_PARTNER_ID=pk_live_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4
ZYKAY_PARTNER_SECRET=dJDEXhf397yTxR4aa8lzML9LvHDUL9bNLbVRX3NO2acProduction
Use your platform’s secrets management:
| Platform | Method |
|---|---|
| AWS | Secrets Manager / Parameter Store |
| GCP | Secret Manager |
| Vercel | Environment variables (encrypted) |
| Heroku | Config Vars |
| Docker | Docker Secrets |
Check configuration
The easiest way to test your credentials:
- Embed the widget on a test page
- Complete a verification
- Check that your backend receives the
grant_code
To test the API directly, see the Exchange API documentation which contains complete code examples.
The API uses an HMAC signature with body hash and anti-replay nonce. The code examples in the documentation automatically handle this complexity.
Next steps
Once you have obtained your credentials:
- Quick Start - Onboarding in 5 minutes
- Embed widget