Skip to main content
To interact with the QFPay OpenAPI, you must use the credentials issued during onboarding. These credentials identify the store and ensure requests are authenticated securely.

Store-Level Integration

QFPay OpenAPI integrations operate at the store level. Each API request is processed for a specific store using the identifiers provided by QFPay.

Required Credentials

QFPay provides the following credentials:
  • app_code — Primary identifier of the store.
  • client_key — Secret key used to generate request signatures.
  • mchid (optional) — Store identifier used in certain configurations.
Use only the identifiers provided by QFPay during onboarding.If an mchid is provided, include it when required.
If it is not provided, do not include it in API requests.

When is mchid used?

mchid may be required in certain configurations, including:
  • agent-managed setups
  • specific payment channel requirements
  • store identification requirements defined during onboarding
Some integrations use only app_code and client_key. Always follow the credentials provided by QFPay.

Security Responsibilities

Keep your credentials secure:
  • Never expose the client_key in frontend or mobile applications.
  • Do not commit credentials to public repositories.
  • Store secrets securely using environment variables or a secrets manager.