Skip to main content

Overview

Use merchant API keys (x-api-key) for server-to-server integrations.

Authentication

Requires a dashboard bearer token (Authorization: Bearer <jwt>). 
const pepay = new Pepay({ bearerToken: process.env.PEPAY_JWT! });

Request

List keys

const keys = await pepay.apiKeys.list();

Create a key

const created = await pepay.apiKeys.create({
  name: 'production-server',
  expires_at: null
});

Revoke a key

await pepay.apiKeys.revoke('key_123');

Response

Example list response (keys are masked): 
[
  {
    "key_id": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Production API Key",
    "expires_at": null,
    "last_used_at": "2025-12-21T12:00:00.000Z",
    "created_at": "2025-12-01T12:00:00.000Z"
  }
]

Errors

  • 401 missing/invalid dashboard bearer token
  • 404 key not found (revoke)
  • 403 policy limits (for example: maximum number of active keys)

Examples

  • Rotate keys by creating a new key, deploying it, then revoking the old key.
Next: Invoices