Skip to main content
All CollectionsWeb CheckoutFrequently Asked Questions
Can I implement the checkout widget without exposing the API key in the DOM?
Can I implement the checkout widget without exposing the API key in the DOM?
Lucia Burin Sestakova avatar
Written by Lucia Burin Sestakova
Updated over a week ago

πŸ“• IMPORTANT NOTE

The API key referred to in this article can be found on the detail page of your web checkout.

API Key

The API key is primarily used for our checkout process and serves as a unique identifier.

While it can perform more than just GET requests, it is important to note that it only has access to pending orders specific to the guest at the time.

Permissions and Limitations

  • Scope of Access

    Its permissions are limited to operations related to the checkout process and managing the guest's own pending orders.

  • Restricted Actions

    It cannot be used to modify existing bookings or interact with sensitive POST or PATCH endpoints beyond completing a purchase.

  • Publicly Available Information

    The information that can be accessed through this API key is limited to what is already available on the website.

πŸ“’ NOTE

If you suspect that any information accessible via this API key should not be public, please contact Ventrata Technical Support or your dedicated Customer Success Representative. Provide specific details so our team can review this issue.

Handling Sensitive Operations
For any operations involving booking modifications or access to more sensitive POST and PATCH endpoints, a separate API key, known as the connection key, is used. This key is never exposed in the DOM and remains securely stored.

Related Articles
Reservotron Operator Connection
Zaui Operator Connection
Expian Operator Connection
Xola Operator Connection
How to Integrate and Use the Fingerprint Anit-Fraud Protection
Did this answer your question?