> ## Documentation Index
> Fetch the complete documentation index at: https://www.cashfree.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Getting Started

> Set up your Cashfree Secure ID integration by generating API keys, whitelisting IPs, configuring 2FA signatures, and reviewing test endpoints before going live.

* [View end points](/api-reference/vrs/getting-started#view-end-points)
* [Generate API keys](/api-reference/vrs/getting-started#generate-api-keys)
* [Whitelist IP address](/api-reference/vrs/getting-started#whitelist-your-ip-address)
* [2FA API signature generation](/api-reference/vrs/getting-started#2fa-api-signature-generation)
* [Configure success rate alerts](/api-reference/vrs/getting-started#configure-success-rate-alerts)
* [Any queries: contact us](/api-reference/vrs/getting-started#contact-us-for-any-queries)

<Tip>Install [Cashfree Agent Skills](/tools-ai/cashfree-agent-skills) to bring Cashfree product knowledge into your AI coding assistant (Claude Code, Cursor, VS Code Copilot, Gemini CLI, and more) to answer integration questions and generate accurate code without leaving your editor.</Tip>

## View end points

Cashfree Payments uses API keys to allow access to the API. Once you have signed up at our merchant site, you will be able to see your AppId and SecretKey.

Cashfree expects API key to be included in all API requests to the server. Use the endpoint **/api/v1/credentials/verify** to verify your credentials.

| Environment | URL                                                                                    |
| :---------- | :------------------------------------------------------------------------------------- |
| Production  | [https://api.cashfree.com/verification](https://api.cashfree.com/verification)         |
| Test        | [https://sandbox.cashfree.com/verification](https://sandbox.cashfree.com/verification) |

## Generate API keys

Follow the instructions below to generate API keys:

1. Log in to your [Secure ID dashboard](https://merchant.cashfree.com/verificationsuite/home) and click **Developers** on the navigation panel.
2. Click **API Keys**.
3. Click **Generate API Keys** from the *API Keys* screen.
   <Frame caption="Generate API Keys">
     <img src="https://mintcdn.com/cashfreepayments-d00050e9/Kmx9_F-Zyh5NOURB/static/secure-id/get-started/integration/getting-start-1.png?fit=max&auto=format&n=Kmx9_F-Zyh5NOURB&q=85&s=95a190048ef70a8341c60a035afc27f5" width="2856" height="1618" data-path="static/secure-id/get-started/integration/getting-start-1.png" />
   </Frame>
4. The *New API Keys* popup displays with the client ID and client secret information.
5. Click **Download API Keys** to download the information and save them in your local system folder. Do not share the keys with anyone because they are confidential. You can generate a maximum of 10 API keys.

<Note>
  API Keys - Production Environment: You need to perform an OTP authentication
  to generate API keys for production environment.
</Note>

## Whitelist your IP address

Whitelisting the IP address or generating a public key provides a layer of authentication. These cybersecurity techniques prevent anonymous or unknown disbursement requests and allow only verified requests. Your IP address needs to be whitelisted in the Cashfree Payments production server or it rejects all incoming requests.

Follow the instructions below to whitelist your IP:

1. Log in to your [Secure ID dashboard](https://merchant.cashfree.com/verificationsuite/home) and click **Developers** from the navigation pane > **Two-Factor Authentication** from the **Secure ID** card.
2. Choose **IP Whitelist** from the **Select 2FA Method** drop-down.
3. Click **Add IP Address**.
4. Enter the IP address you want to whitelist in the respective field and click **Add IP Address** to save the details. Note that only IPv4 must be whitelisted, not IPv6. The whitelisted IPs appear in the dashboard.

<Note>
  You can whitelist up to 25 IP addresses. If you need to whitelist more than 25 IP addresses or if your IP addresses are dynamic (not static), use the [Signature Generation](https://www.cashfree.com/docs/api-reference/vrs/getting-started#2fa-api-signature-generation) method.
</Note>

<img src="https://mintcdn.com/cashfreepayments-d00050e9/Kmx9_F-Zyh5NOURB/static/secure-id/get-started/integration/Screenshot_2024-01-03_at_2.03.39_PM.png?fit=max&auto=format&n=Kmx9_F-Zyh5NOURB&q=85&s=6ded36ce00dc24b0b345fb393e2d56cd" alt="" width="3456" height="1986" data-path="static/secure-id/get-started/integration/Screenshot_2024-01-03_at_2.03.39_PM.png" />

<Note>
  **How to find my IP address?**

  Depending on your operating system, you can retrieve the IP of the system via
  multiple methods. You can also find your IP using helper sites such as
  [https://whatismyipaddress.com/](https://whatismyipaddress.com/).
</Note>

## 2FA API signature generation

To generate a signature, you need to generate the public key. You then use the generated public key to generate the signature.

### Generate public key

1. Log in to your [Secure ID dashboard](https://merchant.cashfree.com/verificationsuite/home) and click **Developers** from the navigation pane > **Two-Factor Authentication** from the **Secure ID** card.
2. Select **Public Key** from the *Select 2FA Method* drop-down.
3. Click **Generate Public Key**.  You can have only one active public key at a time, and you can download it only once.
4. The public key is downloaded to your computer. The public key file is password protected you need to use the unique password sent to your registered email address (linked to your Cashfree account) to open it.

### Generate signature

Follow the steps below to generate your signature:

1. Retrieve your clientId (one which you are passing through the header X-Client-Id)
2. Append this with CURRENT UNIX timestamp separated by a period (.)
3. Encrypt this data using RSA encrypt with Public key you received – this is the signature.
4. Pass this signature through the header X-Cf-Signature.

<Note>
  This method generates a signature that is valid for 5 minutes. Generate a new signature every 5 minutes.
</Note>

In the case of using our library, go through the libraries section. During the initialization process, you need to pass the key as a parameter.

<CodeGroup>
  ```php PHP theme={"dark"}
  <?php
  public static function getSignature() {
      $clientId = "<your clientId here>";
      $publicKey =
  openssl_pkey_get_public(file_get_contents("/path/to/certificate/public
  _key.pem"));
      $encodedData = $clientId.".".strtotime("now");
      return static::encrypt_RSA($encodedData, $publicKey);
    }
  private static function encrypt_RSA($plainData, $publicKey) { if (openssl_public_encrypt($plainData, $encrypted, $publicKey,
  OPENSSL_PKCS1_OAEP_PADDING))
        $encryptedData = base64_encode($encrypted);
      else return NULL;
      return $encryptedData;
    }
  ?>
  ```

  ```java Java theme={"dark"}
  private static String generateEncryptedSignature(String clientIdWithEpochTimestamp) {
      // String clientIdWithEpochTimeStamp = clientId+"."+Instant.now().getEpochSecond();
      String encrytedSignature = "";
      try {
          byte[] keyBytes = Files
              .readAllBytes(new File("/Users/sameera/Downloads/payout_test_public_key.pem").toPath()); // Absolute Path to be replaced
          String publicKeyContent = new String(keyBytes);
          System.out.println(publicKeyContent);
          publicKeyContent = publicKeyContent.replaceAll("[\\t\\n\\r]", "")
              .replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");
          KeyFactory kf = KeyFactory.getInstance("RSA");
          System.out.println(publicKeyContent);
          X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(
              Base64.getDecoder().decode(publicKeyContent));
          RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
          final Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
          cipher.init(Cipher.ENCRYPT_MODE, pubKey);
          encrytedSignature = Base64.getEncoder().encodeToString(cipher.doFinal(clientIdWithEpochTimestamp.getBytes()));
          System.out.println(encrytedSignature);
      } catch (Exception e) {
          e.printStackTrace();
      }
      return encrytedSignature;
  }
  ```
</CodeGroup>

## Configure success rate alerts

Configure email alerts for each KYC API to be notified when the success rate (SR) falls below a specified threshold for any endpoint. These alerts help you proactively monitor API performance and take timely action to maintain smooth verification workflows.

To configure alerts for your Secure ID account:

1. Log in to your [Secure ID dashboard](https://merchant.cashfree.com/verificationsuite/home) using your credentials.
2. Select **Settings** from the top navigation menu.
3. Select **Email Notifications** under the **Secure ID** section.
4. Select the **SR Alerts** tab and enable the specific API endpoints you want to monitor.
5. Select **Email Notification** from the **Manage Notifications** drop-down, and enter the email addresses to receive alerts.
6. Select **Next**, review your configuration, and select **Submit**.

<img src="https://mintcdn.com/cashfreepayments-d00050e9/Kmx9_F-Zyh5NOURB/static/secure-id/get-started/success-rate.gif?s=0ec81bb005c6a03e2400b608d33cddc9" alt="" width="1920" height="1080" data-path="static/secure-id/get-started/success-rate.gif" />

## Contact us for any queries

For identifying, diagnosing, and resolving problems related to API requests, ensure the information below is communicated while contacting us:

* Share the API request and response details along with `referenceId` or `verificationId`.
* Mention the registered email ID and environment in the email.
* Use your registered email address (with Cashfree Payments) to send the email or mention the registered email address.
* Include your account manager in the CC of the email request.

<Note>
  For dashboard queries, share the screenshot and .har file of the screen.
</Note>