{"title":"API credentials for your balance platform","category":"default","creationDate":1694077260,"content":"<p>To securely authenticate your requests to Adyen's APIs, you need API credentials. These act as the identity for your integration, and ensures that every request is authorized and linked to the correct account.<\/p>\n<p>An API credential consists of:<\/p>\n<ul>\n<li><strong>Username<\/strong>: An identifier in the format <code>ws_123456@Company.[YourCompanyAccount]<\/code>.<\/li>\n<li><strong>API key<\/strong>: A password to authenticate API requests.<\/li>\n<li><strong>Roles<\/strong>: Permissions that define what the credential is allowed to do.<\/li>\n<\/ul>\n<p>API credentials are created automatically during your balance platform setup. You can manage them within your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a>. From there, you can:<\/p>\n<ul>\n<li><a href=\"#create-additional-api-credentials\">Create additional API credentials<\/a><\/li>\n<li><a href=\"#generate-api-key\">Generate an API key<\/a><\/li>\n<li><a href=\"#manage-api-permissions\">Configure API permissions<\/a> by assigning specific roles to your credentials<\/li>\n<\/ul>\n<h2>Requirements<\/h2>\n<p>Before you begin, take into account the following requirements.<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">Requirement<\/th>\n<th style=\"text-align: left;\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Integration type<\/strong><\/td>\n<td style=\"text-align: left;\">An <a href=\"\/pt\/adyen-for-platforms-model\">Adyen for Platforms<\/a> integration.<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong><a href=\"\/pt\/account\/user-roles\">Customer Area roles<\/a><\/strong><\/td>\n<td style=\"text-align: left;\">Make sure that your user account has one of the following <a href=\"\/pt\/account\/user-roles\">roles<\/a>:<ul><li markdown=\"1\"><strong>Manage API credentials role<\/strong><\/li><li markdown=\"1\"><strong>Merchant admin role<\/strong><\/li><\/ul><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>API credentials included with your balance platform<\/h2>\n<p>When your balance platform account is set up, it includes API credentials that represent API users in your Customer Area. Your integration uses one or both of the following user types:<\/p>\n<ul>\n<li><strong>Web service users<\/strong>: Used to authenticate requests to Adyen APIs.<\/li>\n<li><strong>LEM users<\/strong>: Used to authenticate requests to the Legal Entity Management (LEM) API.<\/li>\n<\/ul>\n<table>\n<thead>\n<tr>\n<th style=\"text-align: left;\">User type<\/th>\n<th style=\"text-align: left;\">Username format<\/th>\n<th style=\"text-align: left;\">Authenticates requests to<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"text-align: left;\"><strong>Web service<\/strong><\/td>\n<td style=\"text-align: left;\"><code>ws[_123456]@BalancePlatform.[YourBalancePlatform]<\/code><\/td>\n<td style=\"text-align: left;\">\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Configuration API<\/a>: Manage account holders and balance accounts.<br>\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/transfers\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Transfers API<\/a>: Process transfers and Adyen-issued card payments.<br>\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/sessionauthentication\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Session authentication API<\/a>: Create session tokens for Platform Experience components.<br>\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/capital\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Capital API<\/a>: Offer business financing (additional configuration required).<\/td>\n<\/tr>\n<tr>\n<td style=\"text-align: left;\"><strong>Legal entity management<\/strong><\/td>\n<td style=\"text-align: left;\"><code>ws[_123456]@Scope.Company_[YourCompanyAccount]<\/code><\/td>\n<td style=\"text-align: left;\">\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/legalentity\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Legal Entity Management API<\/a>: Onboard and manage legal entities and <a href=\"\/pt\/platforms\/onboard-users\/onboarding-steps\">verification information<\/a>.<br>\u2022  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/sessionauthentication\/latest\/overview\" class=\" external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Session authentication API<\/a>: Create session tokens for Onboarding components.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"create-additional-api-credentials\">Create additional API credentials<\/h2>\n<p>Your balance platform account includes default API credentials. You can create additional credentials to better manage your integration.<\/p>\n<p>Using fewer credentials simplifies operations because you have fewer API keys to manage and rotate. Creating additional credentials, however, allows you to apply more granular API permissions and improve security. If an API key is compromised, its access is limited to the specific permissions assigned to that credential.<\/p>\n<p>Common use cases to create additional API credentials include:<\/p>\n<ul>\n<li><strong>Granular access control<\/strong>: You want to separate credentials based on their function. For example, use one credential to manage account holders and another to process transfers.<\/li>\n<li><strong>Sensitive data isolation<\/strong>: You want to create dedicated credentials for actions such as PIN reveal or payment instrument reveal so these permissions are not bundled with standard API operations.<\/li>\n<\/ul>\n<p>The following tabs explain how to create API credentials for both <strong>web service<\/strong> and <strong>LEM<\/strong> users.<\/p>\n\n<div id=\"tabbU46p\">\n    <div data-component-wrapper=\"tabs\">\n        <tabs\n                        :items=\"[{&quot;title&quot;:&quot;Web service user&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;To create an API credential for a web service user:&lt;\\\/p&gt;\\n&lt;ol&gt;\\n&lt;li&gt;\\n&lt;p&gt;Log in to your &lt;a href=\\&quot;https:\\\/\\\/ca-test.adyen.com\\\/\\&quot; target=\\&quot;_blank\\&quot; rel=\\&quot;nofollow noopener noreferrer\\&quot; class=\\&quot;external-link no-image\\&quot;&gt;Customer Area&lt;\\\/a&gt; and select your &lt;strong&gt;Company&lt;\\\/strong&gt; account.&lt;\\\/p&gt;\\n&lt;div class=\\&quot;sc-notice note\\&quot;&gt;&lt;div&gt;\\n&lt;p&gt;API credentials for your balance platform can only be configured at the company account level.&lt;\\\/p&gt;\\n&lt;\\\/div&gt;&lt;\\\/div&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Go to &lt;strong&gt;Developers&lt;\\\/strong&gt; &amp;gt; &lt;strong&gt;API credentials&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select the &lt;strong&gt;Platforms&lt;\\\/strong&gt; tab.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;i class=\\&quot;adl-icon-add\\&quot; role=\\&quot;img\\&quot; aria-label=\\&quot;add icon\\&quot;&gt;&lt;\\\/i&gt; &lt;strong&gt;Create new credential&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;In the &lt;strong&gt;Create API credential&lt;\\\/strong&gt; dialog, under &lt;strong&gt;Credential type&lt;\\\/strong&gt;, select &lt;strong&gt;Web service user&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Optional. In the &lt;strong&gt;Description&lt;\\\/strong&gt; field, describe the purpose of the credential.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Create credential&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;On the &lt;strong&gt;Configure API credentials&lt;\\\/strong&gt; page, save the generated &lt;strong&gt;Username&lt;\\\/strong&gt;, for example &lt;strong&gt;ws_123456@Company.[YourCompanyAccount]&lt;\\\/strong&gt;. You will need this later if you need to &lt;a href=\\&quot;\\\/pt\\\/development-resources\\\/api-credentials\\&quot;&gt;manage API keys&lt;\\\/a&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Under &lt;strong&gt;Server settings&lt;\\\/strong&gt; &amp;gt; &lt;strong&gt;Authentication&lt;\\\/strong&gt; select the &lt;strong&gt;API key&lt;\\\/strong&gt; tab.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Generate API key&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select the copy icon &lt;i class=\\&quot;adl-icon-copy\\&quot;&gt;&lt;\\\/i&gt; and store your API key securely in your system.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Save changes&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;\\\/ol&gt;\\n&quot;,&quot;altTitle&quot;:&quot;create-ws&quot;,&quot;oldTabId&quot;:&quot;create-ws_1&quot;,&quot;relation&quot;:&quot;&quot;},{&quot;title&quot;:&quot;LEM user&quot;,&quot;content&quot;:&quot;\\n&lt;p&gt;To create an API credential for a LEM user:&lt;\\\/p&gt;\\n&lt;ol&gt;\\n&lt;li&gt;\\n&lt;p&gt;Log in to your &lt;a href=\\&quot;https:\\\/\\\/ca-test.adyen.com\\\/\\&quot; target=\\&quot;_blank\\&quot; rel=\\&quot;nofollow noopener noreferrer\\&quot; class=\\&quot;external-link no-image\\&quot;&gt;Customer Area&lt;\\\/a&gt; and select your &lt;strong&gt;Company&lt;\\\/strong&gt; account.&lt;\\\/p&gt;\\n&lt;div class=\\&quot;sc-notice note\\&quot;&gt;&lt;div&gt;\\n&lt;p&gt;API credentials for your balance platform can only be configured at the company account level.&lt;\\\/p&gt;\\n&lt;\\\/div&gt;&lt;\\\/div&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Go to &lt;strong&gt;Developers&lt;\\\/strong&gt; &amp;gt; &lt;strong&gt;API credentials&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select the &lt;strong&gt;Platforms&lt;\\\/strong&gt; tab.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;i class=\\&quot;adl-icon-add\\&quot; role=\\&quot;img\\&quot; aria-label=\\&quot;add icon\\&quot;&gt;&lt;\\\/i&gt; &lt;strong&gt;Create new credential&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;In the &lt;strong&gt;Create API credential&lt;\\\/strong&gt; dialog, under &lt;strong&gt;Credential type&lt;\\\/strong&gt;, select &lt;strong&gt;LEM user&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Optional. In the &lt;strong&gt;Description&lt;\\\/strong&gt; field, describe the purpose of the credential.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Create credential&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;On the &lt;strong&gt;Configure API credentials&lt;\\\/strong&gt; page, save the generated &lt;strong&gt;Username&lt;\\\/strong&gt;, for example &lt;strong&gt;ws_123456@Company.[YourCompanyAccount]&lt;\\\/strong&gt;. You will need this later if you need to &lt;a href=\\&quot;\\\/pt\\\/development-resources\\\/api-credentials\\&quot;&gt;manage API keys&lt;\\\/a&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Under &lt;strong&gt;Server settings&lt;\\\/strong&gt; &amp;gt; &lt;strong&gt;Authentication&lt;\\\/strong&gt; select the &lt;strong&gt;API key&lt;\\\/strong&gt; tab.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Generate API key&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select the copy icon &lt;i class=\\&quot;adl-icon-copy\\&quot;&gt;&lt;\\\/i&gt; and store your API key securely in your system.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;li&gt;\\n&lt;p&gt;Select &lt;strong&gt;Save changes&lt;\\\/strong&gt;.&lt;\\\/p&gt;\\n&lt;\\\/li&gt;\\n&lt;\\\/ol&gt;\\n&quot;,&quot;altTitle&quot;:&quot;create-lem&quot;,&quot;oldTabId&quot;:&quot;create-lem_2&quot;,&quot;relation&quot;:&quot;&quot;}]\"\n            :should-update-when-url-changes='true'>\n        <\/tabs>\n    <\/div>\n<\/div>\n\n<p>When switching to your live environment, you must create new API credentials in your <a href=\"https:\/\/ca-live.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">live Customer Area<\/a>.<\/p>\n<h2 id=\"generate-api-key\">Generate an API key<\/h2>\n<p>Use <a href=\"\/pt\/development-resources\/api-authentication#api-key-authentication\">API keys to authenticate your requests<\/a>. Every web service and LEM user has its own API key.<\/p>\n<p>You can generate a new API key at any time, for example if a key is lost or compromised. When you generate a new API key, it becomes active immediately. The previous key remains active for 24 hours to allow you to update your systems.<\/p>\n<p>To generate an API key for a user:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select your <strong>Company<\/strong> account.<\/li>\n<li>Go to <strong>Developers<\/strong> &gt; <strong>API credentials<\/strong>.<\/li>\n<li>Select the <strong>Platforms<\/strong> tab.<\/li>\n<li>Select the credential username.<\/li>\n<li>On the <strong>Configure API credential<\/strong> page, in the <strong>Server settings<\/strong> section, select <strong>API key<\/strong>.<\/li>\n<li>Select <strong>Generate API key<\/strong>.<\/li>\n<li>Select the copy icon <i class=\"adl-icon-copy\"><\/i> and store your API key securely in your system.\n<div class=\"notices yellow\">\n<p>You cannot copy the API key again after you leave the page.<\/p>\n<\/div><\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<p>When switching to your live environment, you must generate a new API key in your <a href=\"https:\/\/ca-live.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">live Customer Area<\/a>.<\/p>\n<h2 id=\"reset-api-key\">Reset the expiry time of a previous API key<\/h2>\n<p>You can reset the expiry time of a previous API key by following these steps:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select your <strong>Company<\/strong> account.<\/li>\n<li>Go to <strong>Developers<\/strong> &gt; <strong>API credentials<\/strong>.<\/li>\n<li>Select the <strong>Platforms<\/strong> tab.<\/li>\n<li>Select the credential username.<\/li>\n<li>On the <strong>Configure API credential<\/strong> page, in the <strong>Server settings<\/strong> section, select <strong>API key<\/strong>.<\/li>\n<li>Under <strong>Expiring keys<\/strong>, see how much time is left until the previous key expires, and then either:\n<ul>\n<li>Select the reset icon <i class=\"adl-icon-rotate-right\"><\/i> to reset the expiry time to 24 hours.<\/li>\n<li>Select the expire now icon <i class=\"adl-icon-bin\"><\/i> to expire the previous key immediately.<\/li>\n<\/ul><\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<h2 id=\"basic-authentication\">Generate a basic authentication password<\/h2>\n<p>If you are using <a href=\"\/pt\/development-resources\/api-authentication#using-basic-authentication\">basic authentication<\/a> to authenticate your API requests, you can generate a basic authentication password for your API credential.<\/p>\n<div class=\"notices red\">\n<p>When you generate a new basic authentication password, the previous password is deactivated immediately.<\/p>\n<\/div>\n<p>If you want to continue using your existing password while updating your systems, you can instead <a href=\"#create-additional-api-credentials\">create a new API credential<\/a>. This allows both credentials to remain active until you have updated your systems.<\/p>\n<p>To generate a basic authentication password:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select your <strong>Company<\/strong> account.<\/li>\n<li>Go to <strong>Developers<\/strong> &gt; <strong>API credentials<\/strong>.<\/li>\n<li>Select the <strong>Platforms<\/strong> tab.<\/li>\n<li>Select the credential username.<\/li>\n<li>On the <strong>Configure API credential<\/strong> page, in the <strong>Server settings<\/strong> section, select <strong>Basic auth<\/strong>.<\/li>\n<li>Select <strong>Generate password<\/strong>.<\/li>\n<li>Select the copy icon <i class=\"adl-icon-copy\"><\/i> and securely store your basic authentication password in your system.\n<div class=\"notices yellow\">\n<p>You cannot copy the password again after you leave the page.<\/p>\n<\/div><\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<p>When switching from your test to your live environment, use the basic authentication credentials from your <a href=\"https:\/\/ca-live.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">live Customer Area<\/a>.<\/p>\n<h2 id=\"manage-api-permissions\">Manage API permissions<\/h2>\n<p>Permissions for a web service API credential are defined by its enabled <a href=\"\/pt\/development-resources\/api-credentials\/roles\">roles<\/a>. An API credential must have at least one enabled role.<\/p>\n<p>To manage API permissions:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select your <strong>Company<\/strong> account.<\/li>\n<li>Go to <strong>Developers<\/strong> &gt; <strong>API credentials<\/strong>.<\/li>\n<li>Select either the <strong>Payments<\/strong> tab or the <strong>Platforms<\/strong> tab.<\/li>\n<li>Select the username of the web service credential, for example: <strong>ws_[123456]@BalancePlatform.[YourBalancePlatform]<\/strong>.<\/li>\n<li>On the <strong>Configure API credential<\/strong> page, under <strong>Permissions<\/strong>, expand the categories to see the lists of available roles.<br \/>\nYou can also use the search bar to find specific roles.<\/li>\n<li>Select the checkboxes of the roles you want to enable for the API credential.<\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<h2>Deactivate an API credential<\/h2>\n<p>API credentials cannot be deleted. However, you can deactivate a credential to prevent its API keys from being used. To deactivate an API credential:<\/p>\n<ol>\n<li>Log in to your <a href=\"https:\/\/ca-test.adyen.com\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Customer Area<\/a> and select your <strong>Company<\/strong> account.<\/li>\n<li>Go to <strong>Developers<\/strong> &gt; <strong>API credentials<\/strong>.<\/li>\n<li>Select the <strong>Platforms<\/strong> tab.<\/li>\n<li>Select the credential username to open the <strong>Configure API credential<\/strong> page.<\/li>\n<li>Under <strong>General settings<\/strong>, turn off the toggle next to the <strong>Username<\/strong> to switch the status from <strong>Active<\/strong> to <strong>Inactive<\/strong>.<\/li>\n<li>Select <strong>Save changes<\/strong>.<\/li>\n<\/ol>\n<h2>See also<\/h2>\n<div class=\"see-also-links output-inline\" id=\"see-also\">\n<ul><li><a href=\"\/platforms\/manage-access\"\n                        target=\"_self\"\n                        >\n                    Manage access for your team\n                <\/a><\/li><li><a href=\"\/platforms\/manage-access\/webservice-roles\"\n                        target=\"_self\"\n                        >\n                    Roles for API credentials\n                <\/a><\/li><\/ul><\/div>\n","url":"https:\/\/docs.adyen.com\/pt\/platforms\/manage-access\/api-credentials-web-service","articleFields":{"description":"Generate and configure credentials for API requests related to the balance platform","feedback_component":true,"type":"page","_expandable":{"operations":""},"status":"current","last_edit_on":"07-09-2023 11:19","parameters":{"directoryPath":"\/platforms","model":"platform"},"filters_component":false},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/platforms\/manage-access\/api-credentials-web-service","title":"API credentials for your balance platform","content":"To securely authenticate your requests to Adyen's APIs, you need API credentials. These act as the identity for your integration, and ensures that every request is authorized and linked to the correct account.\nAn API credential consists of:\n\nUsername: An identifier in the format ws_123456@Company.[YourCompanyAccount].\nAPI key: A password to authenticate API requests.\nRoles: Permissions that define what the credential is allowed to do.\n\nAPI credentials are created automatically during your balance platform setup. You can manage them within your Customer Area. From there, you can:\n\nCreate additional API credentials\nGenerate an API key\nConfigure API permissions by assigning specific roles to your credentials\n\nRequirements\nBefore you begin, take into account the following requirements.\n\n\n\nRequirement\nDescription\n\n\n\n\nIntegration type\nAn Adyen for Platforms integration.\n\n\nCustomer Area roles\nMake sure that your user account has one of the following roles:Manage API credentials roleMerchant admin role\n\n\n\nAPI credentials included with your balance platform\nWhen your balance platform account is set up, it includes API credentials that represent API users in your Customer Area. Your integration uses one or both of the following user types:\n\nWeb service users: Used to authenticate requests to Adyen APIs.\nLEM users: Used to authenticate requests to the Legal Entity Management (LEM) API.\n\n\n\n\nUser type\nUsername format\nAuthenticates requests to\n\n\n\n\nWeb service\nws[_123456]@BalancePlatform.[YourBalancePlatform]\n\u2022  Configuration API: Manage account holders and balance accounts.\u2022  Transfers API: Process transfers and Adyen-issued card payments.\u2022  Session authentication API: Create session tokens for Platform Experience components.\u2022  Capital API: Offer business financing (additional configuration required).\n\n\nLegal entity management\nws[_123456]@Scope.Company_[YourCompanyAccount]\n\u2022  Legal Entity Management API: Onboard and manage legal entities and verification information.\u2022  Session authentication API: Create session tokens for Onboarding components.\n\n\n\nCreate additional API credentials\nYour balance platform account includes default API credentials. You can create additional credentials to better manage your integration.\nUsing fewer credentials simplifies operations because you have fewer API keys to manage and rotate. Creating additional credentials, however, allows you to apply more granular API permissions and improve security. If an API key is compromised, its access is limited to the specific permissions assigned to that credential.\nCommon use cases to create additional API credentials include:\n\nGranular access control: You want to separate credentials based on their function. For example, use one credential to manage account holders and another to process transfers.\nSensitive data isolation: You want to create dedicated credentials for actions such as PIN reveal or payment instrument reveal so these permissions are not bundled with standard API operations.\n\nThe following tabs explain how to create API credentials for both web service and LEM users.\n\n\n    \n        \n        \n    \n\n\nWhen switching to your live environment, you must create new API credentials in your live Customer Area.\nGenerate an API key\nUse API keys to authenticate your requests. Every web service and LEM user has its own API key.\nYou can generate a new API key at any time, for example if a key is lost or compromised. When you generate a new API key, it becomes active immediately. The previous key remains active for 24 hours to allow you to update your systems.\nTo generate an API key for a user:\n\nLog in to your Customer Area and select your Company account.\nGo to Developers &gt; API credentials.\nSelect the Platforms tab.\nSelect the credential username.\nOn the Configure API credential page, in the Server settings section, select API key.\nSelect Generate API key.\nSelect the copy icon  and store your API key securely in your system.\n\nYou cannot copy the API key again after you leave the page.\n\nSelect Save changes.\n\nWhen switching to your live environment, you must generate a new API key in your live Customer Area.\nReset the expiry time of a previous API key\nYou can reset the expiry time of a previous API key by following these steps:\n\nLog in to your Customer Area and select your Company account.\nGo to Developers &gt; API credentials.\nSelect the Platforms tab.\nSelect the credential username.\nOn the Configure API credential page, in the Server settings section, select API key.\nUnder Expiring keys, see how much time is left until the previous key expires, and then either:\n\nSelect the reset icon  to reset the expiry time to 24 hours.\nSelect the expire now icon  to expire the previous key immediately.\n\nSelect Save changes.\n\nGenerate a basic authentication password\nIf you are using basic authentication to authenticate your API requests, you can generate a basic authentication password for your API credential.\n\nWhen you generate a new basic authentication password, the previous password is deactivated immediately.\n\nIf you want to continue using your existing password while updating your systems, you can instead create a new API credential. This allows both credentials to remain active until you have updated your systems.\nTo generate a basic authentication password:\n\nLog in to your Customer Area and select your Company account.\nGo to Developers &gt; API credentials.\nSelect the Platforms tab.\nSelect the credential username.\nOn the Configure API credential page, in the Server settings section, select Basic auth.\nSelect Generate password.\nSelect the copy icon  and securely store your basic authentication password in your system.\n\nYou cannot copy the password again after you leave the page.\n\nSelect Save changes.\n\nWhen switching from your test to your live environment, use the basic authentication credentials from your live Customer Area.\nManage API permissions\nPermissions for a web service API credential are defined by its enabled roles. An API credential must have at least one enabled role.\nTo manage API permissions:\n\nLog in to your Customer Area and select your Company account.\nGo to Developers &gt; API credentials.\nSelect either the Payments tab or the Platforms tab.\nSelect the username of the web service credential, for example: ws_[123456]@BalancePlatform.[YourBalancePlatform].\nOn the Configure API credential page, under Permissions, expand the categories to see the lists of available roles.\nYou can also use the search bar to find specific roles.\nSelect the checkboxes of the roles you want to enable for the API credential.\nSelect Save changes.\n\nDeactivate an API credential\nAPI credentials cannot be deleted. However, you can deactivate a credential to prevent its API keys from being used. To deactivate an API credential:\n\nLog in to your Customer Area and select your Company account.\nGo to Developers &gt; API credentials.\nSelect the Platforms tab.\nSelect the credential username to open the Configure API credential page.\nUnder General settings, turn off the toggle next to the Username to switch the status from Active to Inactive.\nSelect Save changes.\n\nSee also\n\n\n                    Manage access for your team\n                \n                    Roles for API credentials\n                \n","type":"page","locale":"pt","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Platforms","lvl2":"Manage access for your team","lvl3":"API credentials for your balance platform"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/platforms","lvl2":"https:\/\/docs.adyen.com\/pt\/platforms\/manage-access","lvl3":"\/pt\/platforms\/manage-access\/api-credentials-web-service"},"levels":4,"category":"Platforms","category_color":"green","tags":["credentials","balance","platform"]}}