Create an API credential

post /merchants/{merchantId}/apiCredentials

Was this page helpful?

Creates an API credential for the company account identified in the path. In the request, you can specify the roles and allowed origins for the new API credential.

The response includes the:

API key: used for API request authentication.
Client key: public key used for client-side authentication.
Username and password: used for basic authentication.

Make sure you store the API key securely in your system. You won't be able to retrieve it later.

If your API key is lost or compromised, you need to generate a new API key.

To make this request, your API credential must have the following roles:

Management API—API credentials read and write

Endpoint destination URL

https://management-test.adyen.com/v1/merchants/{merchantId}/apiCredentials

Path parameters

Required Optional

merchantId string Required

The unique identifier of the merchant account.

Request parameters

Required Optional

allowedOrigins array [string]

The list of allowed origins for the new API credential.

description string

Description of the API credential.

roles array [string]

List of roles for the API credential.

Response parameters

After submitting a call, you receive a response message to inform you that your request was received and processed.

Depending on the HTTP status code of the response message, it is helpful to build some logic to handle any errors that a request or the system may return.

HTTP Responses

200 - OK

The request has succeeded.
Show more Show less
_links object

References to resources linked to the API credential.

Show children Hide children

allowedOrigins object

List of allowed origins.

Show children Hide children

href string

company object

Company account that the API credential is linked to. Only present for company-level webhooks.

Show children Hide children

href string

generateApiKey object

Generates a new API key. When you generate a new one, the existing key remains valid for 24 hours.

Show children Hide children

href string

generateClientKey object

Generates a new client key, used to authenticate client-side requests. When you generate a new one, the existing key remains valid for 24 hours.

Show children Hide children

href string

merchant object

The merchant account that the API credential is linked to. Only present for merchant-level API credentials.

Show children Hide children

href string

self object

Link to the resource itself.

Show children Hide children

href string

active boolean

Indicates if the API credential is enabled. Must be set to true to use the credential in your integration.

allowedIpAddresses array [string]

List of IP addresses from which your client can make requests.

If the list is empty, we allow requests from any IP. If the list is not empty and we get a request from an IP which is not on the list, you get a security error.

allowedOrigins array [object]

List containing the allowed origins linked to the API credential.

Show children Hide children

_links object

References to resources linked to the allowed origin.

Show children Hide children

self object

Link to the resource itself.

Show children Hide children

href string

domain string

Domain of the allowed origin.

id string

Unique identifier of the allowed origin.

apiKey string

The API key for the API credential that was created.

clientKey string

Public key used for client-side authentication. The client key is required for Drop-in and Components integrations.

description string

Max length: 50

Description of the API credential.

id string

Unique identifier of the API credential.

password string

The password for the API credential that was created.

roles array [string]

List of roles for the API credential.

username string

The name of the API credential, for example ws@Company.TestCompany.
204 - No Content

The request has been successfully processed, but there is no additional content.
400 - Bad Request

A problem reading or understanding the request.
Show more Show less
detail string

A human-readable explanation specific to this occurrence of the problem.

errorCode string

A code that identifies the problem type.

instance string

A unique URI that identifies the specific occurrence of the problem.

invalidFields array [object]

Detailed explanation of each validation error, when applicable.

Show children Hide children

message string

Description of the validation error.

name string

The field that has an invalid value.

value string

The invalid value.

requestId string

A unique reference for the request, essentially the same as pspReference.

response object

JSON response payload.

Show children Hide children

paths array [object]

Show children Hide children

content array [string]

rootPath object

Show children Hide children

content array [string]

status integer

The HTTP status code.

title string

A short, human-readable summary of the problem type.

type string

A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
401 - Unauthorized

Authentication required.
Show more Show less
detail string

A human-readable explanation specific to this occurrence of the problem.

errorCode string

A code that identifies the problem type.

instance string

A unique URI that identifies the specific occurrence of the problem.

invalidFields array [object]

Detailed explanation of each validation error, when applicable.

Show children Hide children

message string

Description of the validation error.

name string

The field that has an invalid value.

value string

The invalid value.

requestId string

A unique reference for the request, essentially the same as pspReference.

response object

JSON response payload.

Show children Hide children

paths array [object]

Show children Hide children

content array [string]

rootPath object

Show children Hide children

content array [string]

status integer

The HTTP status code.

title string

A short, human-readable summary of the problem type.

type string

A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
403 - Forbidden

Insufficient permissions to process the request.
Show more Show less
detail string

A human-readable explanation specific to this occurrence of the problem.

errorCode string

A code that identifies the problem type.

instance string

A unique URI that identifies the specific occurrence of the problem.

invalidFields array [object]

Detailed explanation of each validation error, when applicable.

Show children Hide children

message string

Description of the validation error.

name string

The field that has an invalid value.

value string

The invalid value.

requestId string

A unique reference for the request, essentially the same as pspReference.

response object

JSON response payload.

Show children Hide children

paths array [object]

Show children Hide children

content array [string]

rootPath object

Show children Hide children

content array [string]

status integer

The HTTP status code.

title string

A short, human-readable summary of the problem type.

type string

A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
422 - Unprocessable Entity

A request validation error.
Show more Show less
detail string

A human-readable explanation specific to this occurrence of the problem.

errorCode string

A code that identifies the problem type.

instance string

A unique URI that identifies the specific occurrence of the problem.

invalidFields array [object]

Detailed explanation of each validation error, when applicable.

Show children Hide children

message string

Description of the validation error.

name string

The field that has an invalid value.

value string

The invalid value.

requestId string

A unique reference for the request, essentially the same as pspReference.

response object

JSON response payload.

Show children Hide children

paths array [object]

Show children Hide children

content array [string]

rootPath object

Show children Hide children

content array [string]

status integer

The HTTP status code.

title string

A short, human-readable summary of the problem type.

type string

A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
500 - Internal Server Error

The server could not process the request.
Show more Show less
detail string

A human-readable explanation specific to this occurrence of the problem.

errorCode string

A code that identifies the problem type.

instance string

A unique URI that identifies the specific occurrence of the problem.

invalidFields array [object]

Detailed explanation of each validation error, when applicable.

Show children Hide children

message string

Description of the validation error.

name string

The field that has an invalid value.

value string

The invalid value.

requestId string

A unique reference for the request, essentially the same as pspReference.

response object

JSON response payload.

Show children Hide children

paths array [object]

Show children Hide children

content array [string]

rootPath object

Show children Hide children

content array [string]

status integer

The HTTP status code.

title string

A short, human-readable summary of the problem type.

type string

A URI that identifies the problem type, pointing to human-readable documentation on this problem type.

Create an API credential

Endpoint destination URL

Path parameters

Request parameters

Response parameters

HTTP Responses

200 - OK

204 - No Content

400 - Bad Request

401 - Unauthorized

403 - Forbidden

422 - Unprocessable Entity

500 - Internal Server Error