Client Secrets allow you to make secure requests from the browser. This is useful when using our prebuilt widgets to tokenize a payment method or implementing the full Connect Workflows Checkout experience.

Client Secrets have the following properties:

  • They can only be generated via a backend API request using your Connect API Key.
  • They expire 30 minutes after being generated.
  • They can, and in some cases must, be scoped to a Payer. Using a Payer-scoped Client Secret means that you can only create and retrieve resources related to that Payer.
    • When you create a Payer through the Connect Workflows widget, the Client Secret will automatically become scoped to that Payer.
    • If you want to use a Client Secret to retrieve resources that belong to a Payer (such as a Recipient or Payment Method), the Client Secret must be scoped to that Payer.
    • If you want to pre-load a Payer in the Connect Workflows widget, you must provide a Payer-scoped Client Secret that matches the ID of the Payer you are trying to load.

Using the POST /api/v2/client-secrets endpoint

Below is a sample request body you can use to create a Payer-scoped Client Secret:

{
  "payer": {
    "id": "749bc3d0-3e78-4169-a89a-445b1fa1fe95"
  }
}

If you want to create a non-scoped Client Secret (such as in the case of starting a brand-new Connect Workflows Checkout session where you expect your users to create their Payer for the first time), you can simply make the request to the Client Secret endpoint with an empty request body.
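
The scoped and non-scoped requests above, as an added backend-side sketch (not code from the Connect documentation): it only scopes a Client Secret to a Payer the authenticated session owns, and tracks the 30-minute expiry. The `payers_by_user` lookup, the refresh margin and the function names are assumptions; the API Key header is omitted because its format is not shown on this page.

```python
import json

CLIENT_SECRETS_PATH = "/api/v2/client-secrets"  # endpoint named on the page
TTL_SECONDS = 30 * 60                           # page: secrets expire after 30 minutes
REFRESH_MARGIN_SECONDS = 60                     # assumption: local safety margin


class PayerScopeError(Exception):
    """Raised when a browser asks for a scope its session does not own."""


def build_client_secret_request(user_id, payers_by_user, requested_payer_id=None):
    """Return the backend-side request for POST /api/v2/client-secrets.

    payers_by_user is a hypothetical stand-in for your own user -> Payer ID
    records. The Connect API Key is attached by the backend HTTP client and
    never leaves the server.
    """
    if requested_payer_id is None:
        # Non-scoped secret: empty request body (new checkout, no Payer yet).
        body = ""
    else:
        # Never scope to an ID just because the browser sent it: the scope
        # decides whose Recipients and Payment Methods become readable.
        if requested_payer_id not in payers_by_user.get(user_id, set()):
            raise PayerScopeError("payer does not belong to this session")
        body = json.dumps({"payer": {"id": requested_payer_id}})
    return {"method": "POST", "path": CLIENT_SECRETS_PATH, "body": body}


def needs_refresh(issued_at, now):
    """True once a cached secret is within the margin of its 30-minute expiry."""
    return now - issued_at >= TTL_SECONDS - REFRESH_MARGIN_SECONDS


# Constructed sample data: two application users, one Payer each.
SAMPLE_PAYERS = {
    "alice": {"749bc3d0-3e78-4169-a89a-445b1fa1fe95"},  # ID from the page's sample body
    "bob": {"00000000-0000-4000-8000-000000000001"},    # constructed placeholder
}

if __name__ == "__main__":
    print(build_client_secret_request(
        "alice", SAMPLE_PAYERS, "749bc3d0-3e78-4169-a89a-445b1fa1fe95"))
    print(build_client_secret_request("alice", SAMPLE_PAYERS))
```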