Seller Apps are API credentials that allow external applications to create invoices and manage billing programmatically via the TallySale REST API.
Seller App List
| Column | Description |
|---|---|
| Name | App name (e.g., "My E-Commerce Store") |
| App Key | Public API key (starts with ts_) |
| Seller | The seller this app belongs to |
| Gateway | Whether AYA Payment Gateway is enabled |
| Status | Active or Inactive |
| Actions | View, Edit |
Creating a Seller App
- Click New Seller App.
- Fill in the form:
| Field | Description |
|---|---|
| Name | Descriptive name for the app (e.g., "Shopify Integration") |
| Seller | Select the seller this app belongs to |
| Use Payment Gateway | Enable AYA Payment Gateway for this app |
| Accepted Payments | Which payment methods this app accepts (AYA Pay, KBZ Pay, MMQR, VISA, etc.) |
| Backend Callback URL | Your server URL for webhook notifications |
| Frontend Redirect URL | Where to redirect customers after payment |
- Click Save.
Credentials
When you create or edit a Seller App, the system generates:
| Credential | Description |
|---|---|
| App Key | Public key included in API requests (ts_ prefix, 32 chars). Safe to store in config files |
| App Secret | Private key used for HMAC signature generation (64 chars). Never expose in client-side code |
Important: The App Secret is shown only once when the app is created. Store it securely. If lost, you can regenerate it from the edit page (this invalidates the old secret).
Security
- Secrets are stored encrypted in the database (Laravel
encrypt()) - All API requests require HMAC-SHA256 signatures using the secret
- Each app is scoped to a single seller — it can only create invoices for that seller
- Deactivating an app immediately blocks all API requests using its key
Limits
The number of Seller Apps a seller can create depends on their Seller Level:
| Level | Max Seller Apps |
|---|---|
| Starter | 0 (no API access) |
| Business | 2 |
| Enterprise | Unlimited |
📸 Screenshot: Seller App detail — to be added