Skip to content

API keys may be managed programmatically. This includes creating and deleting API keys. This is the same capability as through the partner and merchant dashboards.

How the API keys are managed depends on the source of the API token used for the endpoints. There are two sources: Partner and merchant.

  • A partner API key used to create the API token affects only merchants associated with the partner. The partner can manage the API keys for their individual merchants. A partner API key can be created only in the partner dashboard.
  • A merchant API key used to create an API token that affects only that one merchant. This includes both a merchant associated with a partner and standalone merchants (those not associated with any partner).

Each merchant API Key endpoint explains the details of using either API token source.

The API keys are specific to a single merchant. They are not interchangeable from among different merchants, even if they are each associated with the same partner. That is, merchants cannot use API keys from any other merchant. Standalone merchants (those not associated with any partner) manage their API keys through the merchant Flute dashboard.

Merchant API keys are required only if the merchant application or account needs to integrate with the API suite. A merchant API key is required to create API tokens (also called access tokens), needed to make endpoint calls. Except for the Merchant API Key endpoints, only merchant API tokens (API tokens created from a merchant API key) can be used with any other endpoint. Partner API keys cannot be used to create API tokens otherwise. To generate an API token from an API key, see GET /oauth-token.

The number of API keys is determined by the partner or standalone merchants. They may have as many or as few as required. For more information about API keys, see Creating an API Key.

This Merchant API Key group consists of the following endpoints:

  • To list available keys, see GET /v2/api-keys
  • To create an API key, see POST /v2/api-keys
  • To revoke an API key, see DELETE /v2/api-keys/{{clientId}}