APIKeyCreateV5
Request body for creating a v5 scoped-permission API key. permissions must be non-empty and may only contain permissions the caller itself holds (privilege-escalation guard). legacy_all cannot be requested.
- nameType: string · Namerequired
- permissionsType: array string[] · Permissions 1… unique!enumrequiredvalues
- payments:tap
-ios - payments:tap
-android - payments:read
- payments:refund
- payments:tipadjust
- Type: string · Permissionenum
A scoped permission a v5 API key can hold. Format is
resource:actionorresource:action:subtype.allgrants every concrete permission;legacy_allis a grandfathered bucket set only on migrated pre-v5 keys and cannot be granted to new keys. Theapikeys:*:subvariants govern keys on descendant (sub-) accounts.webhooks:*can only be granted by Koard PSP accounts.values- payments:tap
-ios - payments:tap
-android - payments:read
- payments:refund
- payments:tipadjust
- accountType: string · Account Idnullable
_id Ignored on
/v5/apikeys— the key is always issued on the caller's own account. - expiresType: string · Expires AtFormat: date-timenullable
_at Optional expiry. Defaults to a long-lived expiry when omitted.

