> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gr4vy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys

> Create and manage API key pairs from the dashboard, including the role, algorithm, and merchant accounts each key can access.

API key pairs are used to sign the JSON Web Tokens (JWTs) that [authenticate](/guides/api/authentication) your server-side calls to the Gr4vy API. You can create and manage them from the dashboard, under **Integrations** > **API Keys**.

To manage keys programmatically instead, see [Managing API keys](/guides/api/api-keys).

## Create an API key

1. Go to **Integrations** > **API Keys**.
2. Select **Add an API key**.
3. Enter a **Name** to identify the key, for example `Web API key`.
4. Choose the **Permissions** for the key. This sets the key's role:
   * **Full access** allows the key to process payments, manage connections, edit Flow rules, and more.
   * **Processing only** allows the key to process payments, including managing payment methods and buyers.
   * **System management only** allows the key to manage connections and edit Flow rules.
   * **Transaction reporting only** allows the key to read payments data, including creating and accessing reports.
   * **Key management only** allows the key to manage API keys, including creating, editing, and activating or deactivating keys.
5. Choose the **Algorithm**. **ECDSA** is recommended. Only use **RSA** in environments that do not support ECDSA.
6. Under **Merchants**, either grant the key access to all merchant accounts or select specific merchant accounts.
7. Select **Create API key**.

Gr4vy generates the key pair and provides the private key once, when the key is created. Store the private key securely, as it cannot be retrieved again.

## Manage API keys

The **API Keys** table lists each key with its name, role, algorithm, merchant access, creator, and creation date. The **Status** column shows whether each key is active or inactive.

* Select **Edit API key** to change a key's name, role, or the merchant accounts it can access.
* Select **Deactivate** to turn off a key without deleting it. A deactivated key can no longer authenticate. Select **Activate** to turn it back on.
* Select **Remove API key** to delete a key. Removing a key is non-reversible, and any system using it can no longer authenticate.

<Info>
  API key roles differ from [user roles](/guides/dashboard/roles-and-permissions/roles). User roles control access for people signing in to the dashboard, while API key permissions control access for server-side API calls.
</Info>
