> ## Documentation Index
> Fetch the complete documentation index at: https://docs.cryptoprocessing.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Generate and activate API keys

Available to roles: <Badge color="blue">Owner</Badge>

You need to generate an API key and a secret key before you can start making API requests:

* **API key** - Specified in the `X-Processing-Key` header in API requests. You can view it in the **API keys** section of your merchant dashboard.
* **Secret key** - Used to generate an HMAC-SHA512 signature of the request body. The signature is specified in the `X-Processing-Signature` header in API requests. You can view the secret key only once, after activating the API key for the first time.

<Note>
  API keys are not tied to a specific user. They are tied to your merchant account. Only one API key and secret key pair can be active for a merchant at a time.
</Note>

## Generate an API key and activate it

<Steps>
  <Step title="In your merchant dashboard, go to the API keys tab." />

  <Step title="Click Generate API key, enter your 2FA code, and click Generate. ">
    The list of **Generated API keys** will be updated.
  </Step>

  <Step title="Click Activate next to the API key.">
    Only one API key can be active at a time. If another key is already active, disable it first, then return to this step.
  </Step>

  <Step title="Optionally, specify IPs addresses for your requests, enter your 2FA code, and click Activate.">
    <Warning>
      Your secret key will be displayed after you click **Activate**. Make sure no one can see or record your screen.
    </Warning>

    Specify the public IP addresses from which you will make requests to the API. Use either IPv4 or IPv6 format, and separate multiple IP addresses with commas. If you leave this blank, requests from any IP address will be accepted.
  </Step>

  <Step title="Save your secret key and click Done.">
    Your secret key is displayed only once. Toggle **Secret key QR code** to display the secret key as a QR code.

    <Card title="Do not share your secret key with anyone. " type="danger">
      If you think your secret key may have been compromised, [deactivate it](/merchant-administration/deactivate-an-api-key) immediately and contact our Support team.
    </Card>
  </Step>
</Steps>

## FAQ

### How can I view my secret key if I lost it?

If you don't have your secret key, you need to [deactivate](/merchant-administration/deactivate-an-api-key) the corresponding API key, and then generate a new API key and secret key.

### What should I do if someone else got access to my secret key?

If you suspect that your secret key was compromised, [deactivate it](/merchant-administration/deactivate-an-api-key) immediately and contact our Support team.