Request

Endpoints

Environment	HTTP Method	Endpoint
Sandbox testing	POST	https://api-sandbox.flex-charge.com/v1/api-keys
Production environment	POST	https://api.flex-charge.com/v1/api-keys

Required Keys

Parameter	Description
`bearer token`	The authentication token returned by `/oauth2/token`.

Body

Field Name	Type	Required	Description
`mid`	String	Yes	Unique identifier of the merchant you want to create credentials for.
`name`	String	Yes	A brief name or description for the API Key. Regex: `^[^<>]*$`.
`type`	String (Enum)	Yes	The type of API Key: `secret`: used for auth, must be kept secure. `public`: used for auth `tokenization`: used for tokenization

Field Name

Type

Required

Description

mid

String

Yes

Unique identifier of the merchant you want to create credentials for.

name

String

Yes

A brief name or description for the API Key.
Regex: ^[^<>]*$.

type

String (Enum)

Yes

The type of API Key:

secret: used for auth, must be kept secure.
public: used for auth
tokenization: used for tokenization

Response

Field Definitions

Field Name	Type	Description
`id`	String	Unique identifier for the API Key.
`mid`	String	The FlexFactor unique identifier of the account associated with the API Key.
`name`	String	The name or description of the API Key.
`type`	String (Enum)	The type of the API Key (`secret` ,`public`, `tokenization`).
`value`	String	The actual value of the API Key .
`scopes`	Array of Strings	The list of access scopes defined for the API Key.
`created_at`	String (DateTime)	The timestamp of when the API Key was created.
`errors`	Array of Strings	Any errors encountered during the API Key creation process.

❗️
Security forsecret keys

The value field of secret key is only visible upon creation. Store it securely, as it cannot be retrieved later.

Payload Examples

Request

cURL Request Example

curl --request POST \
     --url https://api-sandbox.flexfactor.com/v1/api-keys \
     --header 'Authorization: bearer {the token returned by /oauth2}' \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '{
       "mid": "mid_123456",
       "name": "My API Key",
       "scopes": ["customers:read", "charges:read"],
       "type": "secret"
     }'

Response

JSON Example for a Successful Creation

{
   "type": "secret",
   "value": "sk_test_4eC39HqLyjWDarjtT1zdp7dc",
   "mid": "mid_123456",
   "name": "My API Key",
   "scopes": ["customers:read", "charges:read"],
   "created_at": "2024-11-16T12:00:00Z",
}

JSON Example for a Failed Creation

{
   "type": null,
   "value": null,
   "name": null,
   "scopes": null,
   "created_at": null,
   "errors": [
       "Invalid scope value.",
       "Missing required field: type."
   ]
}

Example for Handling Errors

Missing Fields: If required fields are missing, the API returns a 400 error with detailed messages.
Invalid Credentials: If the bearer token is invalid, the API returns a 401 error.

HTTP/1.1 400 Bad Request
Content-Type: application/json

{
  "errors": [
    "Invalid scope value."
  ]
}

HTTP/1.1 401 Unauthorized
Content-Type: application/json

{
  "errors": [
    "Authentication failed. Invalid bearer token."
  ]
}

Create an API key

Request

Endpoints

Required Keys

Body

Response

Field Definitions

Security for`secret` keys

Payload Examples

Request

cURL Request Example

Response

JSON Example for a Successful Creation

JSON Example for a Failed Creation

Example for Handling Errors

Request

Endpoints

Required Keys

Body

Response

Field Definitions

Security forsecret keys

Payload Examples

Request

cURL Request Example

Response

JSON Example for a Successful Creation

JSON Example for a Failed Creation

Example for Handling Errors

Security for`secret` keys