Showing results for 
Search instead for 
Did you mean: 

Transaction Key or Signature Key???

The presence of a Signature Key in the API Credentials page in the Merchant Interface appears to be a  new feature.  I'm confused because we are using the CIM function and have always used the Transaction Key with the hosted Accept form.  The page says, "A Signature Key is applicable if your solution uses our hosted payment form...".  Does the Signature Key impact the hosted Accept form?




The Transaction key is used, along with the API login, to authenticate XML and delimited requests. The Signature key is used to authenticate SIM requests and responses.

Powered by -
Certified developers
Trusted Contributor

I have a concern in that the developers we are working with tell us they need a signature key. 

They say "A signature Key is required for the iFrame set up for the shopping cart because it’s using an hosted payment form." 


My concern is that we wanted them to code to use the CIM method whereas the customer is putting their CC number in on the webform and not ours.  From your last response it's needed for the SIM method.  We want to be assured there is no card data on our site. 


If we do indeed need for them to have a signature key and still not have PCI Card Data on our site then my next question is, if I never had a signature key for my current site can I generate one and not have it affect the transaction key?  (I'm not ready to convert and do not want to do this ahead of time if the Txn Key will then only last for 24 hours.

When using the Accept Customer functionality, you would post to the Sandbox API Endpoint: or

Production API Endpoint:


The 2 credentials that are required for the above endpoints are the API_LOGIN_ID and API_TRANSACTION_KEY. 


A Signature can be generated independently from a Transaction Key.


They should be testing in the Sandbox, in which case the generation of new keys would not effect your production environment.

Powered by -
Certified developers

Thanks but can you also confirm that with CIM or SIM and these API's that they are using there will be no Credit Card Data on our website?

If you are using Accept Customer, then any Credit Card data gets tokenized and is not stored on your server.

Powered by -
Certified developers

Hi @kgw39 @psamson



Authorize.Net Accept Customer is a fully hosted solution for payment information capture which allows developers to leverage our Customer Profiles API while still maintaining SAQ-A level PCI compliance. Our forms are mobile-optimized and designed to reduce friction in your consumer experience.


The merchant dont need to generate a signature key for using Accept Customer . 


You can get more details on Accept Customer at



Send feedback at