API keys serve as the means to interact with our web services. Further details on this can be found in the authentication API specs documentation.


You have the ability to manage your API keys within the settings section of your web portal. From there, you can view a list of all active keys, delete existing ones, or generate new ones as needed.

Manage API keys


To generate a new key, click on the + Create button located at the top of the key management table. A popup will appear, prompting you to enter the necessary information :

Generate API key

  • Title
    This field represents a human-readable description used to recognize the purpose of the key. For example, the key could be logically named based on its responsibility (e.g., "Poll for payout updates").

  • Scopes
    Scopes define the permissions granted to the key. For instance, if you want the key to only poll for payout updates, you can limit the scopes to payout:read. For detailed information about each individual endpoint and the required scope/s, please refer to the documentation here.

  • Expires
    Allows you to set an expiration date for the key (also known as TTL). Once this date is reached, the key will no longer be valid. Note that this field is optional; you can choose to have your keys to never expire. However, if you opt for expiration, the minimum TTL must be set to at least 180 calendar days (approximately 6 months).

After filling in the required fields, click the Create button. If everything functions as as expected, a new popup will show up displaying the API key value.

Generated API key


Security first

For security purposes, we do not store the generated API key values. You have one chance to copy the key value and store it securely. Once the popup is closed, there is no way to retrieve the same key again. If lost, you will need to create a new one.


There are several reasons why you might want to manually invalidate your keys, ranging from security best practices such as regular rotation, to more serious concerns like suspected key compromise. To address these situations promptly, our web portal provides you with the option to invalidate keys directly. This feature allows you to maintain security without the need to contact us avoiding unnecessary delays.

To remove a key, click on the 🗑️ icon next to the key you wish to delete. A confirmation prompt will appear, asking you to confirm the deletion.

Delete API key

Once a key is deleted, it's permanent. There's no way to restore it, and you'll need to create a new one if required.