Create an API key
- Go to Integrations > API Keys.
- Select Add an API key.
- Enter a Name to identify the key, for example
Web API key. - Choose the Permissions for the key. This sets the key’s role:
- Full access allows the key to process payments, manage connections, edit Flow rules, and more.
- Processing only allows the key to process payments, including managing payment methods and buyers.
- System management only allows the key to manage connections and edit Flow rules.
- Transaction reporting only allows the key to read payments data, including creating and accessing reports.
- Key management only allows the key to manage API keys, including creating, editing, and activating or deactivating keys.
- Choose the Algorithm. ECDSA is recommended. Only use RSA in environments that do not support ECDSA.
- Under Merchants, either grant the key access to all merchant accounts or select specific merchant accounts.
- Select Create API key.
Manage API keys
The API Keys table lists each key with its name, role, algorithm, merchant access, creator, and creation date. The Status column shows whether each key is active or inactive.- Select Edit API key to change a key’s name, role, or the merchant accounts it can access.
- Select Deactivate to turn off a key without deleting it. A deactivated key can no longer authenticate. Select Activate to turn it back on.
- Select Remove API key to delete a key. Removing a key is non-reversible, and any system using it can no longer authenticate.
API key roles differ from user roles. User roles control access for people signing in to the dashboard, while API key permissions control access for server-side API calls.