The API Key and API Secret are used to create a Signature to authenticate your API calls. The Signature element is an HMAC-SHA1 hash of selected elements of the request, so the Signature part of the Authorisation header needs to be calculated for each request.

A shared Secret key between you and OrbPay provides a way to establish the authenticity of the API call. That is, it provides OrbPay a way of verifying whether both the message and HMAC OrbPay receives is genuine.

Did this answer your question?