---
title: "API credentials for your balance platform"
description: "Generate and configure credentials for API requests related to the balance platform"
url: "https://docs.adyen.com/payouts/payout-service/manage-access/api-credentials-web-service"
source_url: "https://docs.adyen.com/payouts/payout-service/manage-access/api-credentials-web-service.md"
canonical: "https://docs.adyen.com/payouts/payout-service/manage-access/api-credentials-web-service"
last_modified: "2022-12-16T12:00:00+01:00"
language: "en"
---

# API credentials for your balance platform

Generate and configure credentials for API requests related to the balance platform

To securely authenticate your requests to Adyen's APIs, you need API credentials. These act as the identity for your integration and ensure that every request is authorized and linked to the correct account.

An API credential consists of:

* **Username**: An identifier in the format `ws_123456@Company.[YourCompanyAccount]`.
* **API key**: A password to authenticate API requests.
* **Roles**: Permissions that define what the credential is allowed to do.

API credentials are created automatically during your balance platform setup. You can manage them within your [Customer Area](https://ca-test.adyen.com/). From there, you can:

* [Create additional API credentials](#create-additional-api-credentials)
* [Generate an API key](#generate-api-key)
* [Configure API permissions](#manage-api-permissions) by assigning specific roles to your credentials

## Requirements

Before you begin, take into account the following requirements.

| Requirement | Description |
| --- | --- |
| **Integration type** | An Adyen [payout service integration](/payouts/payout-service/integration-checklist). |
| **[Customer Area roles](/account/user-roles)** | Make sure that your user account has one of the following [roles](/account/user-roles): • **Manage API credentials role** • **Merchant admin role** |

## API credentials included with your balance platform

When your balance platform account is set up, it includes API credentials that represent API users in your Customer Area. Your integration uses one or both of the following user types:

* **Web service users**: Used to authenticate requests to Adyen APIs.
* **LEM users**: Used to authenticate requests to the Legal Entity Management (LEM) API.

| User type | Username format | Authenticates requests to |
| --- | --- | --- |
| **Web service** | `ws[_123456]@BalancePlatform.[YourBalancePlatform]` | • [Configuration API](https://docs.adyen.com/api-explorer/balanceplatform/latest/overview): Manage account holders and balance accounts. • [Transfers API](https://docs.adyen.com/api-explorer/transfers/latest/overview): Manage payouts to third-party bank accounts. • [Session authentication API](https://docs.adyen.com/api-explorer/sessionauthentication/latest/overview): Create session tokens for Platform Experience components. |

## Create additional API credentials

Your balance platform account includes default API credentials. You can create additional credentials to better manage your integration.

Using fewer credentials simplifies operations because you have fewer API keys to manage and rotate. Creating additional credentials, however, allows you to apply more granular API permissions and improve security. If an API key is compromised, its access is limited to the specific permissions assigned to that credential.

Common use cases to create additional API credentials include:

* **Granular access control**: You want to separate credentials based on their function. For example, use one credential to manage account holders and another to process transfers.
* **Sensitive data isolation**: You want to create dedicated credentials for actions such as PIN reveal or payment instrument reveal so these permissions are not bundled with standard API operations.

To create an API credential for a web service user:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
   API credentials for your balance platform can only be configured at the company account level.
2. Go to **Developers** > **API credentials**.
3. Select the **Platforms** tab.
4. Select **Create new credential**.
5. In the **Create API credential** dialog, under **Credential type**, select **Web service user**.
6. Optional. In the **Description** field, describe the purpose of the credential.
7. Select **Create credential**.
8. On the **Configure API credentials** page, save the generated **Username**, for example **ws\_123456\@Company.\[YourCompanyAccount]**. You will need this later if you need to [manage API keys](/development-resources/api-credentials).
9. Under **Server settings** > **Authentication** select the **API key** tab.
10. Select **Generate API key**.
11. Select the copy icon and store your API key securely in your system.
12. Select **Save changes**.

When switching to your live environment, you must create new API credentials in your [live Customer Area](https://ca-live.adyen.com/).

## Generate an API key

Use [API keys to authenticate your requests](/development-resources/api-authentication#api-key-authentication). Every web service user has its own API key. You can generate a new API key at any time, for example if a key is lost or compromised.

When you generate a new API key, it becomes active immediately. The previous key remains active for 24 hours to allow you to update your systems.

To generate an API key for a user:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select the **Platforms** tab.
4. Select the credential username.
5. On the **Configure API credential** page, in the **Server settings** section, select **API key**.
6. Select **Generate API key**.
7. Select the copy icon and store your API key securely in your system. You cannot copy the API key again after you leave the page.
8. Select **Save changes**.

When switching to your live environment, you must generate a new API key in your [live Customer Area](https://ca-live.adyen.com/).

## Reset the expiry time of a previous API key

You can reset the expiry time of a previous API key by following these steps:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select the **Platforms** tab.
4. Select the credential username.
5. On the **Configure API credential** page, in the **Server settings** section, select **API key**.
6. Under **Expiring keys**, see how much time is left until the previous key expires, and then either:
   * Select the reset icon to reset the expiry time to 24 hours.
   * Select the expire now icon to expire the previous key immediately.
7. Select **Save changes**.

## Generate a basic authentication password

If you are using [basic authentication](/development-resources/api-authentication#using-basic-authentication) to authenticate your API requests, you can generate a basic authentication password for your API credential.

When you generate a new basic authentication password, the previous password is deactivated immediately. If you want to continue using your existing password while updating your systems, you can instead [create a new API credential](#create-additional-api-credentials). This allows both credentials to remain active until you have updated your systems.

To generate a basic authentication password:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select the **Platforms** tab.
4. Select the credential username.
5. On the **Configure API credential** page, in the **Server settings** section, select **Basic auth**.
6. Select **Generate password**.
7. Select the copy icon and securely store your basic authentication password in your system. You cannot copy the password again after you leave the page.
8. Select **Save changes**.

When switching from your test to your live environment, use the basic authentication credentials from your [live Customer Area](https://ca-live.adyen.com/).

## Manage API permissions

Permissions for a web service API credential are defined by its enabled [roles](/development-resources/api-credentials/roles). An API credential must have at least one enabled role.

To manage API permissions:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select either the **Payments** tab or the **Platforms** tab.
4. Select the username of the web service credential, for example: **ws\_\[123456]@BalancePlatform.\[YourBalancePlatform]**.
5. On the **Configure API credential** page, under **Permissions**, expand the categories to see the lists of available roles.
   You can also use the search bar to find specific roles.
6. Select the checkboxes of the roles you want to enable for the API credential.
7. Select **Save changes**.

## Deactivate an API credential

API credentials cannot be deleted. However, you can deactivate a credential to prevent its API keys from being used.

To deactivate an API credential:

1. Log in to your [Customer Area](https://ca-test.adyen.com/) and select your **Company** account.
2. Go to **Developers** > **API credentials**.
3. Select the **Platforms** tab.
4. Select the credential username to open the **Configure API credential** page.
5. Under **General settings**, turn off the toggle next to the **Username** to switch the status from **Active** to **Inactive**.
6. Select **Save changes**.

## See also

* [Manage access for your team](/payouts/payout-service/manage-access)
* [Roles for API credentials](/payouts/payout-service/manage-access/webservice-roles)
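
The expiry rules from "Generate an API key", "Reset the expiry time of a previous API key" and "Generate a basic authentication password", modelled as an added example (not Adyen's code): it flags services that still hold the previous secret as its expiry approaches. The service names, timestamps, the two-hour warning margin and the `Rotation`, `stragglers` and `safe_to_expire_now` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

OVERLAP = timedelta(hours=24)  # page: previous API key stays active for 24 hours


@dataclass
class Rotation:
    credential: str                      # username of the credential being rotated
    kind: str                            # "api_key" or "basic_auth"
    generated_at: datetime               # when the new secret was generated
    reset_at: Optional[datetime] = None  # last expiry reset to 24 hours, if any

    def old_secret_expiry(self) -> datetime:
        if self.kind == "basic_auth":
            return self.generated_at     # page: old password is deactivated immediately
        return (self.reset_at or self.generated_at) + OVERLAP


def stragglers(rot, switched, now, margin=timedelta(hours=2)):
    """Services not yet on the new secret, labelled PENDING, URGENT or BROKEN."""
    expiry = rot.old_secret_expiry()
    findings = []
    for service, when in sorted(switched.items()):
        if when is not None and when <= now:
            continue                     # already deployed with the new secret
        if now >= expiry:
            findings.append((service, "BROKEN"))   # old secret no longer accepted
        elif expiry - now <= margin:
            findings.append((service, "URGENT"))   # reset the expiry or deploy now
        else:
            findings.append((service, "PENDING"))
    return findings


def safe_to_expire_now(rot, switched, now) -> bool:
    return not stragglers(rot, switched, now)  # nothing depends on the old secret


# Constructed sample data: the service names and timestamps are made up.
T0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
ROTATION = Rotation("ws_123456@Company.[YourCompanyAccount]", "api_key", T0)
SWITCHED = {"payout-worker": T0 + timedelta(hours=1), "reporting-job": None,
            "ledger-sync": T0 + timedelta(hours=30)}  # None = no deployment planned

if __name__ == "__main__":
    for h in (2, 23, 25):
        print(h, stragglers(ROTATION, SWITCHED, T0 + timedelta(hours=h)))
```

Running the same inventory with `kind="basic_auth"` reports every service that has not yet switched as `BROKEN` from the moment of generation, which is why the page suggests creating a second credential for password changes.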