For AI agents: visit https://docs.flexfactor.io/llms.txt for an index of all pages formatted in Markdown and endpoints in OpenAPI.
| Parameter | Description |
|---|
bearer token | The authentication token returned by /oauth2/token. |
| Field Name | Type | Required | Description |
|---|
mid | String | Yes | Unique identifier of the merchant you want to create credentials for. |
name | String | Yes | A brief name or description for the API Key. Regex: ^[^<>]*$. |
type | String (Enum) | Yes | The type of API Key:
secret: used for auth, must be kept secure.
public: used for auth
* tokenization: used for tokenization |
| Field Name | Type | Description |
|---|
id | String | Unique identifier for the API Key. |
mid | String | The FlexFactor unique identifier of the account associated with the API Key. |
name | String | The name or description of the API Key. |
type | String (Enum) | The type of the API Key (secret ,public, tokenization). |
value | String | The actual value of the API Key . |
scopes | Array of Strings | The list of access scopes defined for the API Key. |
created_at | String (DateTime) | The timestamp of when the API Key was created. |
errors | Array of Strings | Any errors encountered during the API Key creation process. |
❗️
- The value field of secret key is only visible upon creation. Store it securely, as it cannot be retrieved later.
curl --request POST \
--url https://api-sandbox.flexfactor.io/v1/api-keys \
--header 'Authorization: Bearer {the token returned by /oauth2}' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{
"mid": "mid_123456",
"name": "My API Key",
"scopes": ["customers:read", "charges:read"],
"type": "secret"
}'
{
"type": "secret",
"value": "sk_test_4eC39HqLyjWDarjtT1zdp7dc",
"mid": "mid_123456",
"name": "My API Key",
"scopes": ["customers:read", "charges:read"],
"created_at": "2024-11-16T12:00:00Z",
}
{
"type": null,
"value": null,
"name": null,
"scopes": null,
"created_at": null,
"errors": [
"Invalid scope value.",
"Missing required field: type."
]
}
- Missing Fields: If required fields are missing, the API returns a 400 error with detailed messages.
- Invalid Credentials: If the bearer token is invalid, the API returns a 401 error.
HTTP/1.1 400 Bad Request
Content-Type: application/json
{
"errors": [
"Invalid scope value."
]
}
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"errors": [
"Authentication failed. Invalid bearer token."
]
}
Updated about 20 hours ago
