Create an API credential

post/merchants/{merchantId}/apiCredentials

API Version

Creates an API credential for the company account identified in the path. In the request, you can specify the roles and allowed origins for the new API credential.

The response includes the:

API key: used for API request authentication.
Client key: public key used for client-side authentication.
Username and password: used for basic authentication.

Make sure you store the API key securely in your system. You won't be able to retrieve it later.

If your API key is lost or compromised, you need to generate a new API key.

To make this request, your API credential must have the following roles:

Management API—API credentials read and write

Endpoint destination URL

https://management-test.adyen.com/v1/merchants/{merchantId}/apiCredentials

Path Parameters

Required

Optional

The unique identifier of the merchant account.

Request Parameters

Required

Optional

The list of allowed origins for the new API credential.

Description of the API credential.

List of roles for the API credential. Only roles assigned to 'ws@Company.<CompanyName>' can be assigned to other API credentials.

Response parameters

After submitting a call, you receive a response message to inform you that your request was received and processed.

Depending on the HTTP status code of the response message, it is helpful to build some logic to handle any errors that a request or the system may return.

HTTP Responses

200 - OK
The request has succeeded.
_linksobject
References to resources linked to the API credential.
allowedOriginsobject
List of allowed origins.
hrefstring
companyobject
Company account that the API credential is linked to. Only present for company-level webhooks.
hrefstring
generateApiKeyobject
Generates a new API key. When you generate a new one, the existing key remains valid for 24 hours.
hrefstring
generateClientKeyobject
Generates a new client key, used to authenticate client-side requests. When you generate a new one, the existing key remains valid for 24 hours.
hrefstring
merchantobject
The merchant account that the API credential is linked to. Only present for merchant-level API credentials.
hrefstring
selfobject
Link to the resource itself.
hrefstring
activeboolean
Indicates if the API credential is enabled. Must be set to true to use the credential in your integration.
allowedIpAddressesarray[string]
List of IP addresses from which your client can make requests.

If the list is empty, we allow requests from any IP. If the list is not empty and we get a request from an IP which is not on the list, you get a security error.
allowedOriginsarray[object]
List containing the allowed origins linked to the API credential.
_linksobject
References to resources linked to the allowed origin.
selfobject
Link to the resource itself.
hrefstring
domainstring
Domain of the allowed origin.
idstring
Unique identifier of the allowed origin.
apiKeystring
The API key for the API credential that was created.
clientKeystring
Public key used for client-side authentication. The client key is required for Drop-in and Components integrations.
descriptionstring
Max length: 50
Description of the API credential.
idstring
Unique identifier of the API credential.
passwordstring
The password for the API credential that was created.
rolesarray[string]
List of roles for the API credential.
usernamestring
The name of the API credential, for example ws@Company.TestCompany.
204 - No Content
The request has been successfully processed, but there is no additional content.
400 - Bad Request
A problem reading or understanding the request.
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
InvalidFieldobject
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
401 - Unauthorized
Authentication required.
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
InvalidFieldobject
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
403 - Forbidden
Insufficient permissions to process the request.
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
InvalidFieldobject
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
422 - Unprocessable Entity
A request validation error.
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
InvalidFieldobject
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.
500 - Internal Server Error
The server could not process the request.
detailstring
A human-readable explanation specific to this occurrence of the problem.
errorCodestring
A code that identifies the problem type.
instancestring
A unique URI that identifies the specific occurrence of the problem.
invalidFieldsarray[InvalidFieldWrapper]
Detailed explanation of each validation error, when applicable.
InvalidFieldobject
messagestring
Description of the validation error.
namestring
The field that has an invalid value.
valuestring
The invalid value.
requestIdstring
A unique reference for the request, essentially the same as pspReference.
responseobject
JSON response payload.
statusinteger
The HTTP status code.
titlestring
A short, human-readable summary of the problem type.
typestring
A URI that identifies the problem type, pointing to human-readable documentation on this problem type.

Create an API credential

HTTP Responses

200 - OK

204 - No Content

400 - Bad Request

401 - Unauthorized

403 - Forbidden

422 - Unprocessable Entity

500 - Internal Server Error