This integration is currently in preview and subject to change.
During the preview, we will work with you directly to set up your account and
credentials.
Server credentials Secret key A server-to-server credential passed as an
Authorization header
Keep your secret key secure and never expose it. Never commit it to your
codebase or send it to your frontend.
Authorization: "Api-Key sk_test_123"
Client credentials Use these to make API requests from your frontend and initialize frames for
sensitive actions.
Never persist client credentials. Only hold them in memory. Use your server to
get a new sessionToken on each app visit.
Session token A token you create on your server and send to your frontend. You use it to start a connect flow .
Access token A token returned from the connect flow . Use it to make authenticated API requests from your frontend (via the SDK or directly), such as:
Getting quotes
Listing payment methods
Listing transactions
This token is intended for client use and shouldn’t be persisted.
Client token A token returned from the connect flow . Use it to initialize subsequent frames (for example, the Apple Pay frame). Within frames, this token is used to make authenticated requests.
This token is intended for client use and shouldn’t be persisted. 
