Setup

Get started with BT AI by creating your account, setting up your project, and configuring your API keys for secure JWT-based authentication.

Account Creation and Project Setup

1. Create Your BTAI Portal Account

  1. Navigate to the BTAI Portal and click Sign Up
  2. Complete the registration form with your business information
  3. Verify your email address through the confirmation link sent to your inbox

2. Complete Project Setup

Once logged in to the BTAI Portal:

  1. Click Create New Project on your dashboard
  2. Enter your project details:
    • Project Name: A descriptive name for your integration
    • Project Description: Brief description of your use case
    • Environment: Choose Development or Production
  3. Review and confirm your project configuration

API Key-Pair Creation

Creating Your JWT Signing Keys

BT AI uses JWT-based authentication for secure communication. You’ll need to create an API key-pair for signing JWTs:

  1. In your account, navigate to API Keys in your project dashboard
  2. Click Create New Key-Pair
  3. Configure your key-pair:
    • Key Name: Descriptive name (e.g., “Production Signing Key”)
    • Key Type: RSA-256 (recommended for production)
  4. Click Generate Key-Pair

Save Your Key Details

⚠️ CRITICAL SECURITY WARNING: Your private key will only be displayed once. Save it immediately and securely.

When you create your key-pair, you’ll receive:

  • Key ID: Used to identify your key in JWT headers
  • Public Key: Used by BT AI to verify your JWTs
  • Private Key: Used by your backend to sign JWTs

Example key information:

{
  "keyId": "bt_key_1234567890abcdef",
  "algorithm": "RS256",
  "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhki...",
  "privateKey": "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBg..."
}

Private Key Storage and Security

Secure Storage Recommendations

DO:

  • Store private keys in secure environment variables
  • Use cloud key management services (AWS KMS, Azure Key Vault, Google Secret Manager)
  • Implement proper access controls and audit logging

DON’T:

  • Store private keys in source code repositories
  • Include keys in client-side code or configuration files
  • Share private keys via email, chat, or other unsecured channels
  • Use the same key across multiple environments

Key Management Best Practices

Key Rotation

  1. Regular Rotation: Rotate keys every 90 days for production environments
  2. Emergency Rotation: Have a process for immediate key rotation if compromise is suspected
  3. Overlap Period: Keep old keys active for 24-48 hours during rotation to prevent service disruption

Key Rotation Process

  1. Generate a new key-pair in the BTAI Portal
  2. Deploy the new private key to your backend systems
  3. Update your JWT signing code to use the new key
  4. Test the integration thoroughly
  5. Deactivate the old key-pair after confirming everything works

Next Steps

Congratulations! You’ve successfully completed the initial setup for BT AI. With your account configured and API keys ready, you’re now prepared to implement payment collection and processing.

Immediate Next Steps

  1. Collect Payment Methods - Your next step is to learn how to create JWTs and initialize the SDK for secure payment data collection. This guide will walk you through:
    • Creating JWTs with the proper payload structure
    • Initializing the SDK with your JWT
    • Mounting card components for secure data collection
    • Handling payment method creation and validation

After Payment Collection

  1. Browser Checkout - Once you can collect payment methods, implement checkout flows that use existing payment methods for a seamless user experience.

  2. API Checkout - For advanced use cases, learn to generate virtual cards and handle purchase intent verification for server-side payment processing.