beginner 3 min

Get API Keys

Generate API keys for programmatic access to the platform.

API keys provide an alternative to JWT tokens for authenticating API requests. They’re ideal for server-to-server integrations.

Key format

API keys use the prefix sk_live_ or sk_test_ followed by a base64url-encoded random string:

Live keys — sk_live_... — for production use
Test keys — sk_test_... — for development and testing

Create a key

Generate a new API key with a human-readable name:

curl -X POST https://api.example.com/v1/api_keys 
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" 
  -H "Content-Type: application/json" 
  -d '{
    "name": "Production Server",
    "environment": "live"
  }'

The response includes the raw key — copy it immediately, it won’t be shown again:

{
  "id": "akey_abc123",
  "ownerId": "usr_abc123",
  "prefix": "sk_live_",
  "name": "Production Server",
  "raw_key": "sk_live_abc123def456ghi789...",
  "lastUsedAt": null,
  "createdAt": "2024-01-15T10:00:00Z",
  "revokedAt": null,
  "request_id": "req_abc123"
}

Use a key

Pass the API key as a Bearer token in the Authorization header:

curl https://api.example.com/v1/reseller_stores 
  -H "Authorization: Bearer sk_live_abc123def456ghi789..."

The platform distinguishes API keys from JWT tokens by the sk_ prefix.

Revoke a key

If a key is compromised, revoke it immediately:

curl -X DELETE https://api.example.com/v1/api_keys/akey_abc123 
  -H "Authorization: Bearer YOUR_ACCESS_TOKEN"

Revoked keys return 401 Unauthorized on any subsequent request.

What’s next?

Authentication — Learn about all authentication mechanisms
Quickstart — Route your first order