APIKeyResponseV5

Response body for v5 API key endpoints. The plaintext key is populated only on the create (POST) response or for legacy keys; on later reads it is null and only key_last4 is returned.

  • account_id
    Type: string · Account Id
    required
  • created_at
    Type: string · Created AtFormat: date-time
    required

    the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z

  • id
    Type: string · Id
    required
  • is_legacy
    Type: boolean · Is Legacy
    required
  • name
    Type: string · Name
    required
  • permissions
    Type: array string[] · Permissionsenum
    required
    values
    • payments:tap-ios
    • payments:tap-android
    • payments:read
    • payments:refund
    • payments:tipadjust
    • Type: string · Permissionenum

      A scoped permission a v5 API key can hold. Format is resource:action or resource:action:subtype. all grants every concrete permission; legacy_all is a grandfathered bucket set only on migrated pre-v5 keys and cannot be granted to new keys. The apikeys:*:sub variants govern keys on descendant (sub-) accounts. webhooks:* can only be granted by Koard PSP accounts.

      values
      • payments:tap-ios
      • payments:tap-android
      • payments:read
      • payments:refund
      • payments:tipadjust
  • status
    Type: string · APIKeyStatusenum
    required
    values
    • active
    • revoked
    • expired
  • expires_at
    Type: string · Expires AtFormat: date-timenullable

    the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z

  • key
    Type: string · Keynullable

    Plaintext key — returned once on create, otherwise null.

  • key_last4
    Type: string · Key Last4nullable

    Last four characters of the secret, for display.

  • last_used_at
    Type: string · Last Used AtFormat: date-timenullable

    the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z