---
title: "API credentials"
description: "Generate and configure credentials for the API requests that you make to Adyen."
url: "https://docs.adyen.com/development-resources/api-credentials"
source_url: "https://docs.adyen.com/development-resources/api-credentials.md"
canonical: "https://docs.adyen.com/development-resources/api-credentials"
last_modified: "2021-08-06T10:58:00+02:00"
language: "en"
---

# API credentials

Generate and configure credentials for the API requests that you make to Adyen.

To securely authenticate your requests to Adyen's APIs, you need API credentials. These act as the identity for your integration, and ensures that every request is authorized and linked to the correct account. When your account is set up it includes one API credential. You can also create [multiple API credentials](#multiple-api-credentials) to improve security and control access.

An API credential consists of:

* **Username**: An identifier in the format `ws_123456@Company.[YourCompanyAccount]`.
* **API key**: A password to authenticate API requests.
* **Roles**: Permissions that define what the credential is allowed to do.

API credentials are created automatically during setup. You can manage them within your [Customer Area](https://ca-test.adyen.com/). From there, you can:

* [Create additional API credentials](#create-additional-api-credentials)
* [Generate an API key](#generate-api-key)
* [Configure API permissions](#manage-api-permissions) by assigning specific roles to your credentials

## Requirements

Before you begin, take into account the following requirements.

| Requirement                                    | Description                                                                                                                                        |
| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Integration type**                           | An Adyen integration.                                                                                                                              |
| **[Customer Area roles](/account/user-roles)** | Make sure that your user account has one of the following [roles](/account/user-roles):- **Manage API credentials** role
- **Merchant admin** role |

## Multiple API credentials

When deciding whether to create multiple API credentials, consider the following trade-offs. Fewer credentials mean fewer API keys to manage, while more credentials provide finer control over permissions and can improve security. For example:

* If you have both an online sales channel and a point-of-sale sales channel, we strongly recommend creating a separate API credential for each channel.
* If you are doing [unreferenced refunds](/online-payments/classic-integrations/modify-payments/refund#unreferenced-refund) for online payments, we strongly recommend creating a separate credential for processing these refunds.
* If you have an ecommerce system and a shipping system, you can separate the permissions for initiating and capturing payments.

Some merchants also create separate API credentials for different legal entities or different websites. The number of API credentials you create ultimately depends on how you want to structure access and permissions in your integration.

## Create additional API credentials

Your account includes default API credentials with the default account scopes:

* Credentials created on a company account can access the company account, including all linked merchant accounts.
* Credentials created on a merchant account can only access that merchant account.

You can create additional credentials and control their [account scope](#manage-api-scope) to better manage your integration.

To create a new API credential:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.\
   This opens a list with all API credentials linked to your company account.
3. Select the **Payments** or **Platforms** tab, depending on your integration type.
4. Select ****Create new credential**.
5. In the **Create API credential** dialog, under **Credential type**, select **Web service user**.
6. Optional. In the **Description** field, describe the purpose of the credential.
7. Select **Create credential**.
8. On the **Configure API credentials** page, save the generated **Username**, for example, **ws\_123456\@Company.****\[YourCompanyAccount]**.
9. Under **Server settings** > **Authentication** select the **API key** tab.
10. Select **Generate API key**.
11. Select the copy icon **and store your API key securely in your system.
12. Select **Save changes**.

## Generate an API key

Use [API keys to authenticate your requests](/development-resources/api-authentication#api-key-authentication).

You can generate a new API key at any time, for example if a key is lost or compromised. When you generate a new API key, it becomes active immediately. The previous key remains active for 24 hours to allow you to update your systems.

To generate your API key:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.

2. Go to **Developers** > **API credentials**.

3. Select the **Payments** or **Platforms** tab, depending on your integration type.

4. Select the credential username.

5. Under **Server settings** > **Authentication** select the **API key** tab.

6. Select **Generate API key**.

7. Select the copy icon **and store your API key securely in your system.

   You cannot copy the API key again after you leave the page.

8. Select **Save changes**.

When you switch to your live environment, you must generate a new API key in your [live Customer Area](https://ca-live.adyen.com/).

## Generate a basic authentication password

If you are using [basic authentication](/development-resources/api-authentication#using-basic-authentication) to authenticate your API requests, you can generate a basic authentication password for your API credential.

When you generate a new basic authentication password, the previous password is deactivated immediately.

If you want to continue using your existing password while updating your systems, you can instead [create a new API credential](#create-additional-api-credentials). This allows both credentials to remain active until you have updated your systems.

To generate a basic authentication password:

1. Log in to your [Customer Area](https://ca-test.adyen.com/).
2. Go to **Developers** > **API credentials**.\
   A list appears with all API credentials linked to your company account.
3. Select the **Payments** or **Platforms** tab, depending on your integration type.
4. Select the credential username you want to generate the password for.
5. On the **Configure API credential** page, in the **Server settings** section, select **Basic auth**.
6. Select **Generate password**.
7. Select the copy icon **and store your basic authentication password securely in your system.
8. Select **Save changes**.

When you switch to your live environment, use the basic authentication credentials from your [live Customer Area](https://ca-live.adyen.com/).

## Manage API permissions

Permissions for a API credential are defined by its enabled [roles](/development-resources/api-credentials/roles). An API credential must have at least one enabled role.

To manage API permissions:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select the **Payments** or **Platforms** tab, depending on your integration type.
4. Select the credential username.
5. On the **Configure API credential** page, under **Permissions**, expand the categories to see the lists of available roles.\
   You can also use the search bar to find specific roles.
6. Select the checkboxes of the roles you want to enable for the API credential.
7. Select **Save changes**.

## Manage API credential account scope

The scope of an API credential is determined by the account where it is created. By default, the following applies:

* Credentials created on a company account can access the company account, including all linked merchant accounts.
* Credentials created on a merchant account can only access that merchant account.

To manage the API account scope:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.

2. Go to **Developers** > **API credentials**.

3. Select the **Payments** or **Platforms** tab, depending on your integration type.

4. Select the credential username.

5. On the **Configure API credential** page, under **Accounts**, expand the category to see the available options:

   * **Company account and all associated merchant accounts**
   * **Only selected account groups and merchant accounts**

   You can also use the search bar to locate specific accounts, then select the checkboxes for the accounts you want the API credential to access.

6. Select **Save changes**.

## Reset the expiry time of a previous API key

You can reset the expiry time of a previous API key by following these steps:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.

2. Go to **Developers** > **API credentials**.

3. Select the **Payments** or **Platforms** tab, depending on your integration type.

4. Select the credential username.

5. On the **Configure API credential** page, in the **Server settings** section, select **API key**.

6. Under **Expiring keys**, see how much time is left until the previous key expires, and then either:

   * Select the reset icon **to reset the expiry time to 24 hours.
   * Select the expire now icon **to expire the previous key immediately.

7. Select **Save changes**.

## Add an allowed IP range

As a security measure, you can add allowed IP addresses to your API credential. When you add an allowed IP range, only requests originating from that range will be permitted.

To add allowed IP addresses:

1. Log in to your [Customer Area](https://ca-test.adyen.com/).
2. Go to **Developers** > **API credentials**.
3. Select the **Payments** or **Platforms** tab, depending on your integration type.
4. Select the credential username.
5. Under **Server settings**, select **Allowed IP range**.
6. Add IP addresses that you want to allow access from.
7. Select **Save changes**.

## Deactivate an API credential

API credentials cannot be deleted. However, you can deactivate a credential to prevent its API keys from being used. To deactivate an API credential:

1. Log in to your [Customer Area](https://ca-test.adyen.com/).
2. Go to **Developers** > **API credentials**.
3. Select the **Payments** or **Platforms** tab, depending on your integration type.
4. Select the credential username.
5. Under **General Settings** use the toggle to switch the webservice user to **Inactive**.
6. Select **Save changes**.

This change takes effect immediately and prevents the processing of API requests with this credential. You can switch it back to **Active** at any time to allow API requests again.

## See also

* [Online payments](/online-payments)
* [In-person payments](/point-of-sale)
* [PCI DSS compliance guide](/development-resources/pci-dss-compliance-guide)
* [Client-side authentication](/development-resources/client-side-authentication)