Overview

Commerce API keys (ck_...) authorize commerce operations (search, merchant carts, checkout, orders, payments).

Authentication

  • Key management uses Authorization: Bearer <jwt>.
  • Commerce operations use x-commerce-api-key.

Request

List commerce API keys

const keys = await pepay.withAuth({ bearerToken: process.env.PEPAY_DASHBOARD_JWT! }).commerce.apiKeys.list();

Create a commerce API key

const created = await pepay.withAuth({ bearerToken: process.env.PEPAY_DASHBOARD_JWT! }).commerce.apiKeys.create({
  name: 'Commerce Server Key',
  expiresAt: null
});

Revoke a commerce API key

await pepay.withAuth({ bearerToken: process.env.PEPAY_DASHBOARD_JWT! }).commerce.apiKeys.revoke(
  '550e8400-e29b-41d4-a716-446655440000'
);

Response

Example list response (truncated):
[
  {
    "key_id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Commerce Server Key",
    "scope": "commerce",
    "status": "active",
    "expires_at": null,
    "last_used_at": "2025-12-21T12:00:00.000Z",
    "created_at": "2025-12-01T12:00:00.000Z",
    "revoked_at": null,
    "revoked_reason": null
  }
]
Example create response (save api_key now; it is only returned once):
{
  "key_id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "Commerce Server Key",
  "scope": "commerce",
  "api_key": "ck_0123456789abcdef...",
  "expires_at": null
}
Example revoke response:
{ "message": "API key revoked successfully" }

Errors

  • 401 missing/invalid auth
  • 403 key suspended/expired

Examples

  • Save newly created keys securely; full key material is typically returned once.
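
A periodic audit of the list response can flag active keys that never expire (as created with expiresAt: null above), are close to expiry, or have gone unused. The following is an added example, not Pepay SDK code; the thresholds, the 'revoked' status value, a null last_used_at for unused keys, and the constructed-key-* entries are assumptions.

```typescript
// Added example, not Pepay SDK code. Field names follow the list response above.
interface CommerceKey {
  key_id: string;
  status: string;
  expires_at: string | null;
  last_used_at: string | null; // assumption: null until the key is first used
  created_at: string;
  revoked_at: string | null;
}
type Issue = 'no-expiry' | 'expiring-soon' | 'never-used' | 'stale';
interface Finding { key_id: string; issue: Issue }

const DAY_MS = 24 * 60 * 60 * 1000;

// staleDays and warnDays are assumed policy thresholds, not Pepay defaults.
function auditCommerceKeys(keys: CommerceKey[], now: Date, staleDays = 30, warnDays = 14): Finding[] {
  const findings: Finding[] = [];
  const t = now.getTime();
  for (const k of keys) {
    // Only keys that can still authorize commerce operations matter here.
    if (k.status !== 'active' || k.revoked_at !== null) continue;
    if (k.expires_at === null) {
      findings.push({ key_id: k.key_id, issue: 'no-expiry' });
    } else if (Date.parse(k.expires_at) - t <= warnDays * DAY_MS) {
      findings.push({ key_id: k.key_id, issue: 'expiring-soon' });
    }
    // Idle time is measured from last use, or from creation if never used.
    const lastSeen = Date.parse(k.last_used_at ?? k.created_at);
    if (t - lastSeen > staleDays * DAY_MS) {
      findings.push({ key_id: k.key_id, issue: k.last_used_at === null ? 'never-used' : 'stale' });
    }
  }
  return findings;
}

// Constructed sample data; the first entry mirrors the list response on this page.
const sampleKeys: CommerceKey[] = [
  { key_id: '550e8400-e29b-41d4-a716-446655440000', status: 'active', expires_at: null,
    last_used_at: '2025-12-21T12:00:00.000Z', created_at: '2025-12-01T12:00:00.000Z', revoked_at: null },
  { key_id: 'constructed-key-2', status: 'active', expires_at: '2026-02-10T00:00:00.000Z',
    last_used_at: '2026-01-31T09:00:00.000Z', created_at: '2025-11-01T00:00:00.000Z', revoked_at: null },
  { key_id: 'constructed-key-3', status: 'revoked', expires_at: null,
    last_used_at: null, created_at: '2025-10-01T00:00:00.000Z', revoked_at: '2025-10-15T00:00:00.000Z' },
];

const sampleFindings = auditCommerceKeys(sampleKeys, new Date('2026-02-01T00:00:00.000Z'));
console.log(sampleFindings);
```

Keys flagged as stale or never-used are candidates for the revoke call shown earlier; keys flagged as no-expiry can be replaced with ones created with a non-null expiresAt.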