Is it safe to give our API Credentials to an online travel agency we want to partner with? According to them, "API Credentials are different from the username and password.. We can't access your paypal account by giving us the API Credentials, the purpose of this is to connect (the online travel agency) to your payment gateway. "
However, regardless the purpose, we can't shake our inhibitions that with this credentials, they could access our accounts and possibly do stuffs without us knowing and without our consent. Can anyone enlighten me with this? We just really don't have any idea about these stuffs and would just really want to be careful about anything.