Ctrlk
Submit a Request
For the complete documentation index, see llms.txt. This page is also available as Markdown.

API Keys

Before making any API calls, you'll need to generate an API key and exchange it for an access token. Here's how:

🔑 Generate Your API Key

  1. Log into the Partner Dashboard.

  2. Go to Team Preferences → API Keys.

  3. Click Generate API Key.

  4. Give it a descriptive name (e.g. "Quoting Tool - Production").

  5. Use the scope picker to select only the permissions this key needs — or click Select all for full access.

  6. Copy and store the key somewhere safe. This key authenticates your API requests and should be kept secure.

spinner
Generating an API Key on Partner Dashboard

Treat this key like a password. Do not expose it in client-side code or share it publicly.

Scoped API Keys

API keys can now be created with only the permissions they need. Limiting scope reduces the blast radius if a credential is ever leaked or misused.

Available Scopes

Each scope area supports read, write, or both, where applicable:

Scope Area
Read
Write

Invoices

Payments

Customers

Refunds

Payouts

Webhooks

Hosted Checkout

Scope Picker UI

When you click Generate API Key, the dialog includes a scope picker organized by capability area. Select individual read or write permissions for each area, or use the Select all shortcut when you need full access.

Existing Keys — "Full Access" Label

Every key minted before scoped keys were introduced is automatically labeled Full access, so you can spot the highest-blast-radius keys at a glance. There is no forced rotation — migrate those keys to narrower scopes on your own timeline.

Inline Scope Auditing

The API Keys list shows each key's scopes inline, so you can audit what each integration is allowed to do without opening individual key details.

Scopes in the OpenAPI Spec

All scopes are published in the public OpenAPI spec as a scopes catalog, with per-route scope tags — ready for code generators and API clients.

Example Use Cases

Assign the minimum permissions each integration actually needs:

  • Accountant accessCustomers: read + Invoices: read

  • Reconciliation toolPayments: read

  • Refunds operatorRefunds: write

🗑️ Revoke an API Key

If a key is no longer needed or may be compromised, go to API Keys in the dashboard, click Revoke next to the key you want to disable, and confirm the action.

Important: Revoking a key is permanent. Make sure your application is updated with a new key before revoking the old one.

✏️ Rename an API Key

To update the name of an existing key, go to API Keys in the dashboard, click Edit Key Name next to the key, enter a new name, and save.

Renaming helps you keep keys organized by usage or environment.

PreviousQuick StartNextGuides

Last updated

Was this helpful?