The Mollie API offers three authentication methods:
- API keys: basic API access for a specific payment profile.
- Organization access tokens: advanced API access for organization-level data. (API v2 and later)
- App access tokens (OAuth): for app developers who need access to the Mollie accounts of their app users.
We recommend creating basic API keys to get started.
Creating API keys
The first thing you need is a website profile. Each website profile has a Live API key and a Test API key.
While building and testing your integration, you should use the Test API key. Read more about the test mode in our :doc:`guide </guides/testing>` about testing the Mollie API. Once you're ready to start processing real payments, switch out your test key for the Live API key.
Of course, it's very important to keep any API keys :doc:`secure </guides/security>`. Never share them. However, if a key leaks you can always regenerate it. Don't forget to apply the new keys to your code; until you do, your integration will not work.
Authenticating an API call
The API key or token must be sent along with each API request, by providing it in the HTTP call's Authorization header using the Bearer method. For example: a valid Authorization header is Bearer test_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM. Our default API clients provide shortcuts to easily set the API key or access token. For example, our PHP client offers
In the example below we use a Test API key on the GET method of the :doc:`resource </reference/v2/payments-api/get-payment>`. This method fetches a payment - in this case the payment with the fictional payment ID
The response will be JSON.
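An added example (not Mollie's own code) of the Bearer authentication described above: it reads the key from an environment variable rather than from source code, refuses anything but a Test key unless Live use is requested explicitly, and builds the GET request without sending it. The `MOLLIE_API_KEY` variable name, the base URL, the `live_` prefix, the helper names and the `tr_PLACEHOLDER` payment ID are assumptions.

```python
import os
import urllib.request

API_BASE = "https://api.mollie.com/v2"  # assumed base URL for API v2


def redact(key):
    """Keep only the mode prefix so the secret never reaches logs."""
    prefix, sep, _ = key.partition("_")
    return prefix + sep + "***" if sep else "***"


def load_api_key(env=os.environ, allow_live=False):
    """Read the key from the environment and refuse a Live key by default."""
    key = env.get("MOLLIE_API_KEY", "").strip()  # variable name is an assumption
    if not key:
        raise RuntimeError("MOLLIE_API_KEY is not set")
    if any(c.isspace() for c in key):
        # Embedded whitespace or newlines would corrupt the header line.
        raise ValueError("API key contains whitespace")
    if key.startswith("test_"):
        return key
    if key.startswith("live_") and allow_live:  # 'live_' prefix is an assumption
        return key
    raise ValueError("refusing key %s: only Test keys are allowed here" % redact(key))


def build_get_payment(payment_id, key):
    """Build (but do not send) the authenticated GET request for one payment."""
    if not payment_id or not all(c.isalnum() or c == "_" for c in payment_id):
        # Reject path separators so the ID cannot redirect the call elsewhere.
        raise ValueError("unexpected characters in payment ID")
    req = urllib.request.Request(f"{API_BASE}/payments/{payment_id}", method="GET")
    req.add_header("Authorization", "Bearer " + key)
    return req


if __name__ == "__main__":
    # Constructed environment using the sample Test key quoted in the text above.
    sample_env = {"MOLLIE_API_KEY": "test_dHar4XY7LxsDOtmnkVtjNVWXLSlXsM"}
    key = load_api_key(sample_env)
    req = build_get_payment("tr_PLACEHOLDER", key)  # placeholder payment ID
    print(req.get_method(), req.full_url)
    print("Authorization: Bearer", redact(key))  # never print the real key
```

Pass the returned request to `urllib.request.urlopen()` to send it.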
Comparison of authentication methods
For completeness' sake, the following table compares the available authentication methods.
| | API key | Organization access token | App access token (OAuth) |
|---|---|---|---|
| Access level | Access to all actions on the payment processing APIs for a specific payment profile. | Access to the API actions you selected when creating the token. | Access to the API actions the app user gave your app explicit permission to. |
| Requirements | Create a payment profile first via Dashboard: Profiles overview, or using the :doc:`Profiles API </reference/v2/profiles-api/get-profile>`. | None. | Create an application, then have a user authorize your app to access their account data. See :doc:`Mollie Connect </oauth/overview>` for more information. |
| Test mode | API keys come in pairs. Use the Test API key for test mode. | Use the | |
| Create via | Dashboard: API keys | Dashboard: Organization access tokens | :doc:`OAuth authorization flow </oauth/overview>` |