 (1) (1)-nobg.svg?dpl=dpl_p5zuruSp6XXCSM585kX47x2KwV5k){kind=small}
API Keys
Create and manage API keys for authentication.
Overview
API keys are used to authenticate requests to the Uprails API. You can create multiple API keys with different permissions and scopes for different purposes.
Security
Keep your API keys secure. Never share them publicly, commit them to version control, or expose them in client-side code.
API Key Object
API Key Objectjson
{
"key_id": "key_1234567890abcdef",
"merchant_id": "mer_xyz789",
"name": "Production API Key",
"prefix": "prd_",
"type": "secret",
"permissions": ["payments:write", "refunds:write", "customers:read"],
"created": "2024-01-15T10:00:00Z",
"expires_at": null,
"last_used_at": "2024-01-16T14:30:00Z"
}Note: The actual API key value is only shown once when created. It cannot be retrieved later.
API Endpoints
Key Types
| Type | Prefix | Usage |
|---|---|---|
| Sandbox Secret Key | snd_ | Server-side testing |
| Production Secret Key | prd_ | Server-side production |
| Sandbox Publishable Key | pk_snd_ | Client-side testing |
| Production Publishable Key | pk_prd_ | Client-side production |
Permissions
API keys can be scoped to specific permissions:
| Permission | Description |
|---|---|
payments:read | Read payment data |
payments:write | Create and update payments |
refunds:write | Create refunds |
customers:read | Read customer data |
customers:write | Create and update customers |
Best Practices
Use environment variables
Store API keys in environment variables, not in code or config files.
Rotate keys regularly
Create new keys and revoke old ones periodically for security.
Use minimal permissions
Only grant the permissions each key actually needs.