RSA Key Generation
RSA Key Generation Guide
Smilepayz API requests are signed with your merchant RSA private key. You upload the matching public key in the merchant backend so Smilepayz can verify your signatures. This guide walks through generating and saving keys in sandbox and production.
Overview
| Key | Who holds it | Purpose |
|---|---|---|
| Merchant private key | You (never upload) | Sign Pay-in, Pay-out, and Inquiry API requests |
| Merchant public key | Uploaded to Smilepayz | Smilepayz verifies your X-SIGNATURE |
| Platform public key | Copied from Configuration Info | You verify callback signatures |
Use separate key pairs
Generate different RSA key pairs for sandbox and production. Do not reuse sandbox private keys in production.
Key requirements
The merchant backend enforces 2048-bit RSA keys (SHA256withRSA signing). The UI stores your public key as Base64 text without PEM headers in the input field.
- Private key — keep the downloaded file secure; used on your server only
- Public key — paste or auto-fill in Merchant Public Key, then Save
For how signatures use the private key, see Signature Authorization.
Sandbox: generate and save keys
Step 1: Open API Setting
- Sign in to the merchant backend.
- Switch the top toggle to Sandbox.
- Open Configuration in the left sidebar.
- Select the API Setting tab.
- Scroll to Merchant Public Key.
Step 2: Generate the key pair
- Click Generate RSA Keys.
- The browser downloads a key-pair file (filename includes Sandbox and a timestamp).
- The public key is auto-filled in the text box below the buttons.
Step 3: Save the public key
- Confirm the public key in the text box.
- Click Save at the bottom of the section.
- Store the downloaded file in a secure location — it contains your private key.

Production: generate and save keys
Production uses Settings → Configuration instead of the sandbox Configuration menu.
Step 1: Open API Setting
- Sign in to the merchant backend.
- Ensure the top toggle is Production.
- Go to Settings → Configuration.
- Open the API Setting tab.
- Scroll to Merchant Public Key.
Step 2: Generate and save
- Click Generate (production label; same action as sandbox).
- Save the downloaded private-key file securely.
- Review the public key in the text box.
- Click Save API configuration at the bottom of the page.
Production API Setting differences
On production API Setting, IP whitelist entries are display-only (maintained by the platform). Callback fields are labeled Payin and Payout. The save button reads Save API configuration.

Downloaded key file
The downloaded file typically contains PEM blocks for both keys:
-----BEGIN PRIVATE KEY-----
[Base64 private key content]
-----END PRIVATE KEY-----
-----BEGIN PUBLIC KEY-----
[Base64 public key content]
-----END PUBLIC KEY-----
Use the private key (PKCS#8, Base64) in your integration code or SDK. The value in the backend text box matches the public key content without -----BEGIN/END----- lines.
After configuration
- Configure Integration Information (IP whitelist, callback URLs) if not done yet.
- Test signing on the sandbox Signature Test tab or with a sandbox API call.
- When going live, repeat the process in production with a new key pair.
Troubleshooting
| Issue | What to do |
|---|---|
| API signature rejected | Confirm you clicked Save after generating; verify the private key matches the uploaded public key |
| Wrong environment | Sandbox and production keys are separate — check toggle and Merchant ID prefix |
| Lost private key | Generate a new pair, upload the new public key, and update your server |
| Public key box empty after Generate | Retry Generate; check browser download permissions |
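The first troubleshooting row asks you to verify that the private key matches the uploaded public key; this can be checked offline against the downloaded key file described under "Downloaded key file". The script below is an added example, not Smilepayz code: it uses only the Python standard library, assumes the file holds an unencrypted PKCS#8 RSA private key, and `check_key_file`, its helpers and the script name are hypothetical.

```python
import base64, re, sys

def read_tlv(buf, pos=0):  # one DER element -> (tag, value, next position)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        end = pos + (length & 0x7F)
        length, pos = int.from_bytes(buf[pos:end], "big"), end
    if pos + length > len(buf):
        raise ValueError("truncated DER data")
    return tag, buf[pos:pos + length], pos + length

def children(body):  # split a SEQUENCE body into its (tag, value) elements
    items, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        items.append((tag, value))
    return items

def private_ne(der):
    """(n, e) from PKCS#8: SEQ{INT 0, SEQ alg, OCTET STRING{SEQ{INT 0, n, e, d, ...}}}."""
    rsa = children(read_tlv(children(read_tlv(der)[1])[2][1])[1])
    return int.from_bytes(rsa[1][1], "big"), int.from_bytes(rsa[2][1], "big")

def public_ne(der):
    """(n, e) from SubjectPublicKeyInfo: SEQ{SEQ alg, BIT STRING{00, SEQ{n, e}}}."""
    rsa = children(read_tlv(children(read_tlv(der)[1])[1][1][1:])[1])
    return int.from_bytes(rsa[0][1], "big"), int.from_bytes(rsa[1][1], "big")

def pem_body(text, label):
    m = re.search(f"-----BEGIN {label}-----(.*?)-----END {label}-----", text, re.S)
    if not m:
        raise ValueError(f"no {label} block in key file")
    return base64.b64decode("".join(m.group(1).split()))

def check_key_file(key_file_text, uploaded_value):
    """Return a list of problems; an empty list means the uploaded key matches."""
    problems = []
    if "-----" in uploaded_value:  # the backend field expects bare Base64
        problems.append("uploaded value contains PEM header lines")
        uploaded_value = re.sub(r"-----[^-]+-----", "", uploaded_value)
    n, e = private_ne(pem_body(key_file_text, "PRIVATE KEY"))
    if n.bit_length() != 2048:
        problems.append(f"private key is {n.bit_length()}-bit, expected 2048")
    if public_ne(base64.b64decode("".join(uploaded_value.split()))) != (n, e):
        problems.append("uploaded public key does not match the private key")
    return problems

if __name__ == "__main__":  # python check_keys.py <key file> <file with pasted value>
    print(check_key_file(*(open(p).read() for p in sys.argv[1:3])) or "OK")
```

The script compares only the modulus and public exponent and never prints key material, so it can run on the server that holds the private key.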
