To follow along with this guide, please log into your account at https://id.spreedly.com.
Access secrets are considered private and secure. Do not share them or expose them to insecure channels - even in e-mails to the Spreedly team. An access secret, in combination with an environment key, grants full access to the Spreedly API. If you or another user within your organization share an access secret insecurely, we advise that you revoke the secret as soon as possible, and generate a new one.
View your access secrets
To view your access secrets, log into your account and click on the Organization tab. Note that the image below is edited - when you visit your account page, no information is hidden:
Add a new access secret
At the bottom of your list of access secrets, there is an option to Add Access Secret:
Access secrets are randomly generated codes, but you can choose your name. Unique names can help you keep track of which access secrets you are using for your different environments or applications.
Revoke an access secret
You may revoke an access secret at any time by clicking the "Delete" button:
Deleting an access secret is permanent and cannot be undone by you, or by Spreedly. Do not delete an access secret unless you are sure you wish to do so. If production code uses the old access secret, you would need to replace it with a new access secret, or else you will not be able to accept payments.
Share your access secrets
Access secrets should never be shared over insecure, unencrypted channels. The safest way to share access secrets with individuals you trust is to add them as a user to your Spreedly account. As a user, they will be able to view all of your access secrets, manage them, and create their own.
Remember that all access secrets are equal and can be used to authenticate calls in any Spreedly environment.