Create API Key

POST

/api/ApiKeys

const url = 'https://example.com/api/ApiKeys';
const options = {
  method: 'POST',
  headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
  body: '{"merchantId":"2489E9AD-2EE2-8E00-8EC9-32D5F69181C0","name":"example","expiresAt":"2026-04-15T12:00:00Z","createdByUserId":"2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url https://example.com/api/ApiKeys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{ "merchantId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "name": "example", "expiresAt": "2026-04-15T12:00:00Z", "createdByUserId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0" }'

Mints a new API key. The plaintext token is included in the response exactly once — store it securely before navigating away. The server only persists a SHA-256 hash and a short prefix that’s safe to display in lists.

Authorizations

Bearer

Request Body

object

merchantId

required

string format: uuid

name

required

string

>= 1 characters <= 200 characters

expiresAt

string format: date-time

nullable

createdByUserId

string format: uuid

nullable

Example ^generated

{
  "merchantId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
  "name": "example",
  "expiresAt": "2026-04-15T12:00:00Z",
  "createdByUserId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}

object

merchantId

required

string format: uuid

name

required

string

>= 1 characters <= 200 characters

expiresAt

string format: date-time

nullable

createdByUserId

string format: uuid

nullable

Example ^generated

{
  "merchantId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
  "name": "example",
  "expiresAt": "2026-04-15T12:00:00Z",
  "createdByUserId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}

object

merchantId

required

string format: uuid

name

required

string

>= 1 characters <= 200 characters

expiresAt

string format: date-time

nullable

createdByUserId

string format: uuid

nullable

Example ^generated

{
  "merchantId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0",
  "name": "example",
  "expiresAt": "2026-04-15T12:00:00Z",
  "createdByUserId": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"
}

Responses

201

Key created.

application/json

object

outcome

string

Allowed values: Ok MerchantNotFound

string format: uuid

nullable

token

string

nullable

signingSecret

string

nullable

apiKey

object

string format: uuid

name

string

nullable

keyPrefix

string

nullable

signingSecretPrefix

string

nullable

webhookUrl

string

nullable

webhookEvents

Array<string>

nullable

webhookEnabled

boolean

expiresAt

string format: date-time

nullable

lastUsedAt

string format: date-time

nullable

revokedAt

string format: date-time

nullable

createdAt

string format: date-time

Example

{
  "outcome": "Ok"
}

404

Merchant not found.

application/json

object

type

string

nullable

title

string

nullable

status

integer format: int32

nullable

detail

string

nullable

instance

string

nullable

key

additional properties

Example ^generated

{
  "type": "example",
  "title": "example",
  "status": 1,
  "detail": "example",
  "instance": "example"
}

Event reference

ApiKeys

Auth

Checkout

Dashboard

Invitations

Invoices

Members

Merchants

Onboard

PaymentMethods

Payouts

Plans

ProductQuestions

Products

Subscriptions

Transactions

Users

Webhooks

Create API Key

Authorizations

Request Body

Example ^generated

Example ^generated

Example ^generated

Responses

201

Example

404

Example ^generated

Start here

Hosted checkout

Webhooks

Operations

API Reference

Create API Key

Authorizations

Request Body

Example generated

Example generated

Example generated

Responses

201

Example

404

Example generated

Start here

Hosted checkout

Webhooks

Operations

API Reference

Example ^generated

Example ^generated

Example ^generated

Example ^generated