Create an API key
This endpoint enables partners to generate a new set of API keys on behalf of their merchants. These keys are required for processing transactions via the POST /evaluate endpoint.
Tokenization not included
The API key set includes a public and a secret key, but does not include a tokenization key. As a result, tokenizing PANs (Primary Account Numbers) is not supported through this credential set. Partners using this endpoint must be PCI-certified and send full PANs in their transaction requests.
Request
Endpoints
| Environment | HTTP Method | Endpoint |
|---|---|---|
| Sandbox testing | POST | https://api-sandbox.flexfactor.io/v1/merchants/mid/api-keys |
| Production environment | POST | https://api.flexfactor.io/v1/merchants/mid/api-keys |
Required Keys
| Parameter | Description |
|---|---|
mid | Merchant's FlexFactor unique identifier |
bearer token | The authentication token returned by /oauth2/token. |
Body
Field Name | Type | Required | Description |
|---|---|---|---|
| String | Yes | A name for the API Key.
Regex: |
| String | No | An optional description for this API key. |
| Boolean | No | If set to true, will overwrite an existing key with the same name (if any).
Default is |
Key Overwrite Behavior
By default, the
overwriteExistingKeyflag is set tofalse. If set totrue, it will deactivate and revoke all previously issued keys for the specified merchant, replacing them with the newly created set.Use this flag with caution to avoid unintended disruptions in transaction processing.
Response
Field Definitions
| Field Name | Type | Description |
|---|---|---|
name | String | The name or description of the API Key. |
uniqueName | String | A unique version of the name, system-generated. |
description | String | The description provided for the API key. |
clientId | String | The generated identifier for the API key (UUID). |
Security for
secretkeys
- The value field of secret key is only visible upon creation. Store it securely, as it cannot be retrieved later.
Payload Examples
Request
cURL Request Example
curl --request POST \
--url https://api-sandbox.flexfactor.io/v1/merchants/\{mid}/api-keys \
--header 'Authorization: bearer {the token returned by /oauth2}' \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--data '{
"name": "New key",
"description": "this is a new key for eligibility",
"overwriteExistingKey": false
}'
Response
JSON Example for a Successful Creation
{
"name": "New key 2",
"uniqueName": "New key 2",
"description": "this is a new key 2",
"clientId": "01975a64-1117-7c5a-b824-9498ds931b0a"
}JSON Example for a Failed Creation
{
"error": "KeyAlreadyExists",
"message": "An API key with the name 'New key' already exists. Set 'overwriteExistingKey' to true to replace it.",
"statusCode": 409,
"timestamp": "2025-06-11T11:22:33.456Z"
}Example for Handling Errors
- Missing Fields: If required fields are missing, the API returns a 400 error with detailed messages.
- Invalid Credentials: If the bearer token is invalid, the API returns a 401 error.
HTTP/1.1 400 Bad Request
Content-Type: application/json
{
"errors": [
"Invalid scope value."
]
}HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"errors": [
"Authentication failed. Invalid bearer token."
]
}Updated 2 days ago