Struggling custom payment gateway and secret api key in PHP

I’m trying to create a custom payment gateway.
I’m at the point where I need to update the order, so trying to connect with the ‘private/custom-payment-gateway/payment’, but getting 401 no matter what I try.
I’m using GuzzleHttp to connect in my PHP script:

$snipClient = new Client(['base_uri' => ""]);
try {
$snipClient->post('private/custom-payment-gateway/payment', [
                    'headers' => [
                        'Authorization' => "Basic " . base64_encode(App::env('SNIPCART_SECRET_API_KEY') . ':'),
                        'Content-Type' => 'application/json'
                    'body' => json_encode([
                    'paymentSessionId' => $paymentSessionId,
                      'state' => $state,
                        'transactionId' => $transactionId,
            } catch (ClientException $e) {
                throw new MethodNotAllowedHttpException($e->getMessage(), 401);

I also tried, as told in the documentation:

'Authorization' => "Bearer " . App::env('SNIPCART_SECRET_API_KEY'),

Secret key generated on Login - Snipcart
What am I doing wrong?

Hi @WHITE-developer, thanks for reaching out!

Is this the first request you make to the Payments API?
You need to use the appropriate API keys, as they are different from the regular API. You can generate them here:

An 'Accept' => 'application/json' header could also help, but your issue is probably the API key.


Hi @nelitow

You are right, it was the payment API key, didn’t try that one for this request. Bit confusing as it says “secret key”, didn’t expect the “payment key” there.

Next thing I have troubles with now is the changing from “publicToken” to a “paymentSessionId publicToken”. What I understand is that those 2 are different and the “paymentSessionId” is added to the “checkoutUrl”. I don’t have the control anymore what happens with that token and it gets lost. Is there any way to retrieve that token again? What I got so far:

  1. Snipcart connects with my “payment methods test url”
  2. I connect with the gateway which gives me back the external “checkoutUrl” where the customer can do the payment
  3. Customer clicks on that link and pays
  4. The gateway triggers a webhook of mine
  5. My webhook needs to update Snipcart, but I lost the “paymentSessionId”