I'm integrating payment gateway in our application. I have an account in their website with an API key and secret key.
The users of our application are sub merchants. They will get their own account in the payment gateway website with an API key and secret key. When I asked their support, they said the main account(our account) cant access the api, secret key of the users of our application and we will have to get it from the users.
We are the ones who will be adding sub merchants and creating accounts in the payment gateway website for the users of our application. So we will have access to api key and secret key of each user.
We will have to save the api key and secret key of each user in our database. My question is should it be done from front end on a web service call. The admin login of our application will enter the api key and secret key of each user and save it to our database.
Is it safe to save the secret key from the front end or is there an other way that we can save it to our database.