Authorize.Net API Credentials — Login ID, Transaction Key & Public Client Key
What each Authorize.Net key does, where to find them in the merchant portal, and which three values SpotPro and Coin Dealer X need for card checkout.
Payment Settings → Opens your members area in a new tab
Step-by-step instructions
1 Open API Credentials in Authorize.Net
Log in to the Authorize.Net Merchant Interface. Go to Account → Security Settings → API Credentials & Keys. You will see four credential types on one page: API Login ID, Transaction Key, Signature Key, and Public Client Key.2 API Login ID — identifies your merchant account
Authorize.Net describes the API Login ID as a complex value that identifies your account when your website submits transaction requests. It is typically a short alphanumeric string (often 8–20 characters). Copy only the Login ID into the API Login ID field in SpotPro Company Profile or Coin Dealer X payment settings. Do not paste the Transaction Key or Public Client Key into this box — a combined paste is a common setup mistake and card checkout will fail.3 Transaction Key — 16-character server secret
The Transaction Key is a 16-character alphanumeric value randomly generated by Authorize.Net. It adds authentication for server-side charge requests. Store it only in the Transaction Key field (password-style in SpotPro and CBD). Regenerating it in Authorize.Net invalidates the previous key immediately — update SpotPro/CBD the same day. Buyers never see this value.4 Public Client Key — required for Accept.js checkout
The Public Client Key is for Authorize.Net Accept products (Accept.js). You must generate it before embedded card fields work. Authorize.Net states this key is intended for client-side code and is not used to initiate transactions on its own — it is safe to use in checkout pages. Copy it into the Public Client Key field. SpotPro ExtraCoins and Coin Dealer X wholesale checkout use this key with Accept.js so customers enter card details on your page.5 Signature Key — webhooks only (not used for SpotPro/CBD checkout)
The Signature Key is a long hex value used with HMAC-SHA512 for legacy SIM/DPM integrations and Webhook notifications. Authorize.Net requires a Signature Key configured before you can receive webhook events. SpotPro and Coin Dealer X card checkout do not ask for the Signature Key today — do not paste it into the Public Client Key field. Keep it in Authorize.Net for future webhook or fraud-notification setups.6 Paste into SpotPro (ExtraCoins store)
In SpotPro: Configuration → Company Profile → Online payments. Enable Authorize.Net. Enter API Login ID, Public Client Key, and Transaction Key in the three separate fields. Leave Transaction Key blank on save if you are not rotating it (SpotPro keeps the saved key). Uncheck sandbox unless you are using test credentials. Click Save.Three Authorize.Net fields in Company Profile. 7 Paste into Coin Dealer X (wholesale B2B)
Approved CBD dealers: Profile → Payments accepted. Choose Card and processor Authorize.Net. Enter the same three values in the matching fields. Enable Card on individual listings so buyers can select card at checkout. See Set Up Online Payments for ExtraCoins; wholesale uses the same Authorize.Net credential types.8 After regenerating keys
If you click Generate new transaction key or Generate new public client key in Authorize.Net, update SpotPro and CBD immediately. Old keys stop working at once. Run a small live test order on ExtraCoins and (if enabled) a CBD wholesale card order before announcing card payments to customers.9 Sandbox vs production
Authorize.Net provides separate sandbox credentials for testing. In SpotPro or CBD, check Use sandbox only when every key (Login ID, Transaction Key, Public Client Key) came from the sandbox portal. Production keys with sandbox mode enabled — or the reverse — produce opaque checkout errors.