Klarna Docs - Account credentials
Account credentials

Set up and manage Partner Accounts securely by obtaining API credentials, following best practices for credential management, and implementing strong security measures for integration with Klarna's services.

To begin your integration with Klarna, the first step is to obtain your API credentials. Once your account is set up by Klarna, you will receive your initial API key through a secure link.

With your initial API key from Klarna, you can create new API keys and Client IDs through the Partner Management API. Here's how these credentials function:

  • API keys: Are used to authenticate server-side REST API requests towards Klarna. In addition, Klarna may use them to identify the source account.

Structure: klarna_<live|test>_api_<random>

  • Client IDs: Are used to authenticate client-side interactions with Klarna’s SDK. Because a Client ID is shipped to the browser or app and cannot be kept secret, Client IDs require registration of the domains they may be used from.

Structure: klarna_<live|test>_client_<random>

Learnings:

To ensure the security of Partner integrations, Klarna also requires Acquiring Partners to implement Mutual Transport Layer Security (mTLS) in order to access Klarna APIs. To learn more about authentication, API keys, Client IDs and Security consult the Security page.

Credential management is fully under the control of the Acquiring Partner, who can create and manage credentials for different services. This autonomy enhances security by enabling automatic credential rotation, reducing the need for manual updating by Klarna.

To minimize risk in the event of a security breach, assign unique credentials to each service and use the description field to clearly define each credential's purpose. This approach simplifies credential management and ensures that if one credential is compromised or needs to be deactivated, it won’t affect the others, maintaining uninterrupted operation across your integration.

```mermaid
graph LR;
    A[Your service X] --> B[API Key for X] --> D[Klarna Partner APIs]
    C[Your service Y] --> E[API Key for Y] --> D
    F[Your client page X] --> G[Client Identifier for X] --> D
```

Other recommended practices:

  • Never store credentials in plaintext.
  • Implement strict access controls to limit credential exposure.
  • Regularly rotate credentials.
  • Immediately revoke and notify Klarna support if credentials are compromised.

Credentials are created for either the live or the test environment and are specific to client-side or server-side use. When creating a credential you can add a description stating its purpose; the description is returned by the List Credentials API, so you can audit which credential belongs to which service.

Credentials inactive for two months are disabled to prevent misuse, and credentials inactive for ten months are deleted. A disabled credential can be reactivated, or a new one created, through Partner support, your Klarna account representative, or the APIs. Plan for this when a service runs only occasionally (for example a quarterly batch job): its credential may be disabled before it is next used.

For rotating credentials, keep both the old and the new credential valid during the transition so that a rollback is always possible. The steps for key rotation are:

  1. Use the Create Credential API to request a new credential of the same environment and type, with a description naming the service it is for.
  2. Transition your service from the existing credential to the new one (update the secret store and redeploy); the old credential stays enabled meanwhile.
  3. Validate that the service authenticates successfully with the new credential. If it does not, switch back to the old credential and investigate before going further.
  4. Only after validation, use the Disable Credential API to permanently disable the credential being replaced.
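The following is an added example, not code from Klarna's documentation or from the Partner Management API. It checks the documented credential shape `klarna_<live|test>_<api|client>_<random>` before a credential is deployed (so a test key cannot reach production and a Client ID cannot be used as a server-side API key), and then runs the four rotation steps above with the overlap window and a rollback. The Partner Management API is replaced by an in-memory stand-in (`FakePartnerAPI`); its method names, the returned fields, and the character set of `<random>` are this example's assumptions, not Klarna's real endpoints or response bodies.

```python
"""Added example, not Klarna's own code: validates the documented credential shape
klarna_<live|test>_<api|client>_<random> and walks through the four rotation steps
with an overlap window. FakePartnerAPI is a constructed in-memory stand-in; its
method names and fields are assumptions, not Klarna's real API surface."""
from __future__ import annotations

import re
import secrets
from dataclasses import dataclass

# Documented structure: klarna_<live|test>_api_<random> / klarna_<live|test>_client_<random>.
# The alphabet of <random> is not documented; URL-safe base64 characters are assumed.
CREDENTIAL_RE = re.compile(
    r"^klarna_(?P<env>live|test)_(?P<kind>api|client)_(?P<random>[A-Za-z0-9_-]{8,})$"
)


@dataclass(frozen=True)
class Credential:
    env: str   # "live" or "test"
    kind: str  # "api" = server-side REST; "client" = SDK, domain-registered
    value: str


def parse_credential(value: str) -> Credential:
    """Parse a credential string; raise ValueError if it does not fit the shape."""
    m = CREDENTIAL_RE.fullmatch(value)
    if m is None:
        raise ValueError("value does not match klarna_<live|test>_<api|client>_<random>")
    return Credential(m["env"], m["kind"], value)


def fits(value: str, *, env: str, server_side: bool) -> bool:
    """True only if the credential is for this environment and this side.
    Refuses, for example, a test key in production or a Client ID used as an API key."""
    try:
        cred = parse_credential(value)
    except ValueError:
        return False
    return cred.env == env and cred.kind == ("api" if server_side else "client")


class FakePartnerAPI:
    """Constructed stand-in for Create / List / Disable Credential plus the
    authentication check Klarna performs on each request. Not Klarna's API."""

    def __init__(self) -> None:
        self._store: dict[str, dict] = {}

    def create_credential(self, env: str, kind: str, description: str) -> str:
        value = f"klarna_{env}_{kind}_{secrets.token_urlsafe(24)}"
        self._store[value] = {"description": description, "enabled": True}
        return value

    def list_credentials(self) -> list[dict]:
        return [{"value": v, **meta} for v, meta in self._store.items()]

    def disable_credential(self, value: str) -> None:
        self._store[value]["enabled"] = False

    def authenticate(self, value: str) -> bool:
        meta = self._store.get(value)
        return bool(meta and meta["enabled"])


class Service:
    """One of your server-side services. It holds exactly one API key, which in
    production is read from a secret store, never from a plaintext config file."""

    def __init__(self, name: str, env: str, credential: str) -> None:
        if not fits(credential, env=env, server_side=True):
            raise ValueError(f"{name}: credential does not fit env={env}, server side")
        self.name, self.env, self.credential = name, env, credential

    def call_klarna(self, api: FakePartnerAPI) -> bool:
        return api.authenticate(self.credential)


def rotate_api_key(api: FakePartnerAPI, service: Service) -> dict:
    """The four rotation steps: the old key stays valid until the new one is proven
    to work, and a failed validation rolls back instead of disabling anything."""
    old = service.credential
    # 1. Create Credential: same environment and kind, description names the service.
    new = api.create_credential(service.env, "api", f"{service.name} server-side key")
    if not fits(new, env=service.env, server_side=True):
        raise RuntimeError("issued credential does not fit the service; aborting")
    # 2. Transition: point the service at the new key while the old one still works.
    service.credential = new
    # 3. Validate: a real call must succeed with the new key before the old is touched.
    if not service.call_klarna(api):
        service.credential = old
        raise RuntimeError("new credential rejected; old credential left enabled")
    # 4. Disable Credential: only now retire the rotated-out key.
    api.disable_credential(old)
    return {"old": old, "new": new,
            "old_valid": api.authenticate(old), "new_valid": api.authenticate(new)}


def undescribed_credentials(api: FakePartnerAPI) -> list[str]:
    """Audit helper: enabled credentials whose description does not say their purpose."""
    return [c["value"] for c in api.list_credentials()
            if c["enabled"] and not c["description"].strip()]


def demo() -> dict:
    api = FakePartnerAPI()
    # Constructed starting state: one key per service, plus one nobody documented.
    svc_x = Service("service X", "test",
                    api.create_credential("test", "api", "service X server-side key"))
    api.create_credential("test", "api", "")
    result = rotate_api_key(api, svc_x)
    result["undescribed"] = undescribed_credentials(api)
    return result


if __name__ == "__main__":
    print(demo())
```

The `fits` check is the part worth copying into a real deployment pipeline: it costs nothing and catches the two mistakes that the naming scheme is designed to make visible, a test credential reaching the live environment and a client-side identifier being used where a server-side API key belongs.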

Rate limiting considerations:

Rate limiting is enforced by Klarna on an account basis. The creation of multiple credentials will not enable increased rate limits. For more information see Rate Limiting.

Consult the API reference for a complete description of the request body parameters, and Security for more information about securely integrating Klarna.