Skip to main content
Skip table of contents

API keys

Do not store your API keys in publicly accessible places and do not pass them on. Anyone who has access to your API keys can access your accounts via the API and possibly send unauthorized payments!

Here you will find an overview of all API keys for your client. An API key is required to gain access to the konfipay API with a software application, as the API endpoints are not public.

In the overview, you can see at a glance the name of a key, whether it is active, when it was created (column: "Timestamp") and when it was last used for authentication at the API (column: "Last request"). To copy an API key to the clipboard, click on the copy symbol next to the key:


Icon for copying an API key

Add or edit keys

To create a new API key, click in the toolbar on Add at the top left. Assign a name for the key and define the so-called scope by selecting which API endpoints the key may access.

To change the name or scope for an existing key, select the API key in the list and click on Edit.


Acknowledgement per API key

When creating or editing an API key, you have the option of activating the acknowledgement for the corresponding API key individually. Please note that the activation of the individual acknowledgement can not be reversed.

To take advantage of the acknowledgement per API key, it is required that you use a separate API key for each application connected via the API.

Background info

Acknowledgement per API key means that an independent dataset with the status of acknowledgements is kept for the respective key when it is activated. For example, when an account transaction is retrieved via the API, the account transaction is only marked as retrieved for this individual API key. This is useful if you access your client's data via the API using different applications and the data should be complete in each application separately.

You can also activate the acknowledgement per API key for some API keys only if required. In this case, the API keys with general acknowledgement continue to access the general, client-wide acknowledgement status.

Example: You use two API keys to retrieve account transactions via konfipay sync and via your ERP system. If you do not use the acknowledgement per API key, the account transaction is retrieved in konfipay sync, for example, and then acknowledged. In this case, the acknowledgement applies to all applications that retrieve data via the konfipay API. If the ERP system then wants to retrieve all unacknowledged transactions, it will no longer receive any data, as the acknowledgements have already been set by konfipay sync.

To avoid such a scenario, a separate API key can be used in konfipay sync and in the ERP application, for which the acknowledgement per API key has been activated. If konfipay sync now acknowledges a retrieval, this is linked to the API key and only counts for this API key. The ERP system is therefore not affected and can acknowledge the retrieved data independently.

File types with their own acknowledgement status

The acknowledgement status is logged in konfipay for the following file types:

File type

API end point with API documentation link

Account transactions



PayPal transactions


Miscellaneous files (e.g. PDF account statements)


PaymentProvider data


Activating the acknowledgement per API key

If you activate the acknowledgement per API key for an API key, you must select the status of the acknowledgements with which you want to activate the option for the key. This status only serves as a starting point. After activation, the status of the acknowledgements for this key is decoupled from the general status. You have the following options:

  • Current status → the status of the client-wide acknowledgement status is adopted and the retrieval is acknowledged individually for all future data records

  • All new → all existing data records are marked as "Not retrieved"/"New" for the corresponding API key

  • All retrieved → all available data records are marked as "Retrieved" for the corresponding API key

  • All retrieved until → the available data records are marked as "Retrieved" up to the corresponding date for the corresponding API key, and all later available data records are marked as "Not retrieved"/"New"

When the acknowledgement is activated for each API key, the API key is briefly deactivated so that the selected status of the acknowledgements can be applied in the background. You cannot use the API key during this time. The duration varies between a few seconds and several minutes, depending on the size of the database.

Mass change of the acknowledgement status for individual API keys

Within the konfipay user interface, you can only make mass changes to the general, client-wide acknowledgement status for files, but not for individual API keys. For individual API keys, you can only change the acknowledgement status for each file individually. If you need to make a mass change to the acknowledgement status for individual API keys, please contact our support team at

Deactivate or delete key

If you no longer need an API key and want to ensure that it can no longer be used for access, you can deactivate or delete the key. Deletion is permanent; a deactivated key can be reactivated and used again at a later time.

To delete or deactivate an API key, select the key in the list and click on Delete or Deactivate.

Regenerate key

You can regenerate an existing API key by selecting the key in the list and clicking on Generate new. As a result, the key must be re-entered in all applications that use it, as the old key then loses its validity.

Regenerating an API key is comparable to changing a password - the new password must then be re-entered on all devices.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.