Secret Key
The Secret Key is assigned by the iGV platform and used for generating and verifying signatures on callback requests.
Properties
| Property | Description |
|---|---|
| Length | 32 characters |
| Format | Alphanumeric (a-z, A-Z, 0-9) |
| Purpose | HMAC-SHA256 signature generation and verification |
| Distribution | Configured and provided by the iGV platform |
How to Obtain
- Provide your callback URL to the iGV platform
- The platform will configure the Secret Key and send it to you via email
- Store the Secret Key securely
Security Requirements
Must Be Stored Securely
- Do not expose in client-side code
- Do not log in application logs
- Do not commit to version control systems
- Do not transmit through unencrypted channels
Storage Recommendations
| Approach | Description |
|---|---|
| Environment variables | The simplest secure storage method |
| Key management service | AWS KMS, GCP Secret Manager, Azure Key Vault |
| Encrypted configuration file | Configuration file encrypted with a master key |
Usage Scope
The Secret Key is used solely for callback signature verification and is not used for business API calls. Business APIs use Bearer Token authentication.
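
The following is an added example, not code from the iGV platform: it loads the Secret Key from an environment variable, checks it against the documented format, and verifies a callback signature with a constant-time comparison. The variable name `IGV_SECRET_KEY`, the hex encoding of the signature, and signing the raw request body are assumptions; this page does not specify them.

```python
import hashlib
import hmac
import os
import re

# Format from the Properties table: 32 alphanumeric characters.
KEY_PATTERN = re.compile(r"[A-Za-z0-9]{32}")


def load_secret_key(env_var="IGV_SECRET_KEY"):
    """Read the key from the environment (variable name is hypothetical)."""
    key = os.environ.get(env_var, "")
    if not KEY_PATTERN.fullmatch(key):
        # Report only the variable name; the key value must never reach logs.
        raise RuntimeError(f"{env_var} is missing or not 32 alphanumeric characters")
    return key.encode("ascii")


def sign(key: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw body, hex-encoded (assumed encoding)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_callback(key: bytes, body: bytes, received_signature: str) -> bool:
    """Recompute the signature and compare in constant time."""
    expected = sign(key, body).encode("ascii")
    # Compare as bytes so a non-ASCII header value is rejected, not raised on.
    received = received_signature.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed key and body for demonstration only.
    os.environ["IGV_SECRET_KEY"] = "A1b2C3d4E5f6G7h8I9j0K1l2M3n4O5p6"
    key = load_secret_key()
    body = b'{"event":"example","id":1}'
    signature = sign(key, body)
    print("valid callback:   ", verify_callback(key, body, signature))
    print("tampered callback:", verify_callback(key, body + b" ", signature))
```

Verify against the exact bytes received on the wire, before any JSON parsing or re-serialization, since a re-encoded body will not produce the same HMAC.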
