API Key Management
Create, list, rotate, and delete API keys for your Balance API environments.
API keys are how your applications authenticate with the Balance API verification endpoints. Manage them through the dashboard endpoints below.
Protected routes require a valid dashboard session cookie (-b pacspace-dashboard-cookies.txt).
Base URL: https://app.pacspace.io
POST https://app.pacspace.io/dashboard/api-keys
Create an API Key
Generate a new API key for a specific environment.
curl -X POST https://app.pacspace.io/dashboard/api-keys \
-b pacspace-dashboard-cookies.txt \
-H "Content-Type: application/json" \
-d '{
"name": "Production Backend",
"environment": "live"
}'
Response 201 Created
{
"statusCode": 201,
"data": {
"id": "key_abc123",
"name": "Production Backend",
"environment": "live",
"publicKey": "pk_live_abc123def456",
"secretKey": "SECRET",
"fullKey": "pk_live_PUBLIC.SECRET",
"createdAt": "2025-06-01T12:00:00.000Z",
"active": true
}
}
Important: The
fullKeyandsecretKeyare only returned once at creation time. Store them securely - you will not be able to retrieve them again.
List API Keys
Retrieve all API keys for your tenant with pagination.
curl "https://app.pacspace.io/dashboard/api-keys?page=1&limit=20" \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"statusCode": 200,
"data": {
"items": [
{
"id": "key_abc123",
"name": "Production Backend",
"environment": "live",
"publicKey": "pk_live_abc123def456",
"active": true,
"createdAt": "2025-06-01T12:00:00.000Z",
"lastUsedAt": "2025-06-10T08:30:00.000Z"
}
],
"total": 1,
"page": 1,
"limit": 20
}
}
The
secretKeyis never returned in list responses.
Get a Single API Key
Retrieve details for a specific API key.
curl https://app.pacspace.io/dashboard/api-keys/key_abc123 \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"statusCode": 200,
"data": {
"id": "key_abc123",
"name": "Production Backend",
"environment": "live",
"publicKey": "pk_live_abc123def456",
"active": true,
"createdAt": "2025-06-01T12:00:00.000Z",
"lastUsedAt": "2025-06-10T08:30:00.000Z"
}
}
Regenerate an API Key
Rotate the secret for an existing key. The old secret is immediately invalidated.
curl -X POST https://app.pacspace.io/dashboard/api-keys/key_abc123/regenerate \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"statusCode": 200,
"data": {
"id": "key_abc123",
"publicKey": "pk_live_abc123def456",
"secretKey": "NEW_SECRET",
"fullKey": "pk_live_PUBLIC.NEW_SECRET"
}
}
Important: The new
fullKeyandsecretKeyare shown only once. Update your application configuration immediately.
Toggle an API Key
Enable or disable an API key without deleting it.
curl -X POST https://app.pacspace.io/dashboard/api-keys/key_abc123/toggle \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"statusCode": 200,
"data": {
"id": "key_abc123",
"active": false,
"message": "API key has been disabled."
}
}
Calling toggle again re-enables the key.
Delete an API Key
Permanently remove an API key. This action cannot be undone.
curl -X DELETE https://app.pacspace.io/dashboard/api-keys/key_abc123 \
-b pacspace-dashboard-cookies.txt
Response 200 OK
{
"statusCode": 200,
"message": "API key deleted successfully."
}
API Key Format
Balance API keys follow this format:
pk_{environment}_{publicId}.{secretKey}
| Part | Example | Description |
|---|---|---|
pk_ | pk_live_abc123 | Public key prefix with environment |
. | - | Separator |
| Secret | 789ghi012jkl | Secret portion (never logged or returned after creation) |
Use the full key in the X-Api-Key header when calling the verification API.
Endpoints Summary
| Endpoint | Method | Description |
|---|---|---|
/dashboard/api-keys | POST | Create a new API key |
/dashboard/api-keys | GET | List all API keys |
/dashboard/api-keys/:id | GET | Get a single API key |
/dashboard/api-keys/:id/regenerate | POST | Rotate the secret |
/dashboard/api-keys/:id/toggle | POST | Enable or disable |
/dashboard/api-keys/:id | DELETE | Permanently delete |