APIKeyCreateV5

Request body for creating a v5 scoped-permission API key. permissions must be non-empty and may only contain permissions the caller itself holds (privilege-escalation guard). legacy_all cannot be requested.

  • name
    Type: string · Name
    required
  • permissions
    Type: array string[] · Permissions 1… unique!enum
    required
    values
    • payments:tap-ios
    • payments:tap-android
    • payments:read
    • payments:refund
    • payments:tipadjust
    • Type: string · Permissionenum

      A scoped permission a v5 API key can hold. Format is resource:action or resource:action:subtype. all grants every concrete permission; legacy_all is a grandfathered bucket set only on migrated pre-v5 keys and cannot be granted to new keys. The apikeys:*:sub variants govern keys on descendant (sub-) accounts. webhooks:* can only be granted by Koard PSP accounts.

      values
      • payments:tap-ios
      • payments:tap-android
      • payments:read
      • payments:refund
      • payments:tipadjust
  • account_id
    Type: string · Account Idnullable

    Ignored on /v5/apikeys — the key is always issued on the caller's own account.

  • expires_at
    Type: string · Expires AtFormat: date-timenullable

    Optional expiry. Defaults to a long-lived expiry when omitted.