Create an API key
FlexFactor allows you to create API keys to authenticate and interact with FlexFactor API endpoints.
Request
Endpoints
| Environment | HTTP Method | Endpoint |
|---|---|---|
| Sandbox testing | POST | https://api-sandbox.flex-charge.com/v1/api-keys |
| Production environment | POST | https://api.flex-charge.com/v1/api-keys |
Required Keys
| Parameter | Description |
|---|---|
bearer token | The authentication token returned by /oauth2/token. |
Body
| Field Name | Type | Required | Description |
|---|---|---|---|
mid | String | Yes | Unique identifier of the merchant you want to create credentials for. |
name | String | Yes | A brief name or description for the API Key. Regex: ^[^<>]*$. |
type | String (Enum) | Yes | The type of API Key: - secret: used for auth, must be kept secure.- public: used for auth- tokenization: used for tokenization |
Response
Field Definitions
| Field Name | Type | Description |
|---|---|---|
id | String | Unique identifier for the API Key. |
mid | String | The FlexFactor unique identifier of the account associated with the API Key. |
name | String | The name or description of the API Key. |
type | String (Enum) | The type of the API Key (secret ,public, tokenization). |
value | String | The actual value of the API Key . |
scopes | Array of Strings | The list of access scopes defined for the API Key. |
created_at | String (DateTime) | The timestamp of when the API Key was created. |
errors | Array of Strings | Any errors encountered during the API Key creation process. |
Security for
secretkeys
- The value field of secret key is only visible upon creation. Store it securely, as it cannot be retrieved later.
Payload Examples
Request
cURL Request Example
curl --request POST \
--url https://api-sandbox.flexfactor.com/v1/api-keys \
--header 'Authorization: bearer {the token returned by /oauth2}' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{
"mid": "mid_123456",
"name": "My API Key",
"scopes": ["customers:read", "charges:read"],
"type": "secret"
}'
Response
JSON Example for a Successful Creation
{
"type": "secret",
"value": "sk_test_4eC39HqLyjWDarjtT1zdp7dc",
"mid": "mid_123456",
"name": "My API Key",
"scopes": ["customers:read", "charges:read"],
"created_at": "2024-11-16T12:00:00Z",
}
JSON Example for a Failed Creation
{
"type": null,
"value": null,
"name": null,
"scopes": null,
"created_at": null,
"errors": [
"Invalid scope value.",
"Missing required field: type."
]
}
Example for Handling Errors
- Missing Fields: If required fields are missing, the API returns a 400 error with detailed messages.
- Invalid Credentials: If the bearer token is invalid, the API returns a 401 error.
HTTP/1.1 400 Bad Request
Content-Type: application/json
{
"errors": [
"Invalid scope value."
]
}
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"errors": [
"Authentication failed. Invalid bearer token."
]
}
Updated 2 days ago