API keys

In Developers choose API keys. Section available in org view from Basic plan (on Free the whole Developers section is blocked).

Key list

Name, created date, last used; Create API key. Per key: Copy, Revoke/Delete.

Creating a key

In modal: Name (e.g. "Production API key"), optional Expires in (seconds). Validation: "Enter API key name". On submit the key value is shown once - message "Save this key - this is the only time…". Copy button. Toast: API key created successfully! or error. If leaked, revoke and create a new one.

Security

API key gives full access to org resources via REST API (offers, payments, subscriptions, refunds, customers, checkout, schedule). Do not expose the key in client code (frontend, mobile) - use only on the server. Store in env vars or secrets store. System stores key hash; after creation the full value cannot be read - only prefix (e.g. last chars) for identification. Revoke immediately blocks the key; all requests with it return 401.