APIKeyResponseV5
Response body for v5 API key endpoints. The plaintext key is populated only on the create (POST) response or for legacy keys; on later reads it is null and only key_last4 is returned.
- accountType: string · Account Id
_id required - createdType: string · Created AtFormat: date-time
_at requiredthe date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z
- idType: string · Idrequired
- isType: boolean · Is Legacy
_legacy required - nameType: string · Namerequired
- permissionsType: array string[] · Permissionsenumrequiredvalues
- payments:tap
-ios - payments:tap
-android - payments:read
- payments:refund
- payments:tipadjust
- Type: string · Permissionenum
A scoped permission a v5 API key can hold. Format is
resource:actionorresource:action:subtype.allgrants every concrete permission;legacy_allis a grandfathered bucket set only on migrated pre-v5 keys and cannot be granted to new keys. Theapikeys:*:subvariants govern keys on descendant (sub-) accounts.webhooks:*can only be granted by Koard PSP accounts.values- payments:tap
-ios - payments:tap
-android - payments:read
- payments:refund
- payments:tipadjust
- statusType: string · APIKeyStatusenumrequiredvalues
- active
- revoked
- expired
- expiresType: string · Expires AtFormat: date-timenullable
_at the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z
- keyType: string · Keynullable
Plaintext key — returned once on create, otherwise null.
- keyType: string · Key Last4nullable
_last4 Last four characters of the secret, for display.
- lastType: string · Last Used AtFormat: date-timenullable
_used _at the date-time notation as defined by RFC 3339, section 5.6, for example, 2017-07-21T17:32:28Z

