API keys

Info

• Direct link: konfipay (DE) | konfipay (CH)

• Navigation path: Client management > API > API key

• Quick navigation: API Schlüssel

• User groups: Admin, Full access, Management

• Required permissions: API Show keys/Add and remove keys

General information

This page provides an overview over the API keys of a client. An API key is used for authentication when accessing the konfipay API using an external application. The API endpoints are not publicly accessible and require successful authentication to use them. Further details on authentication via API key are available in the API documentation.

API keys must not be saved in publicly accessible places and must not be shared with anyone. Anyone who has access to an API key can access the corresponding client via the API and potentially send unauthorized payments!

Key overview

In the key overview, a key can be displayed via the eye symbol, or be copied to the clipboard. A key can be deactivated if necessary and reactivated later - as long as it is deactivated, it cannot be used for API access.

Regenerate or delete key

The key can also be regenerated or deleted completely. Please note that changing, deleting or deactivating an API key will result in all client applications using this key no longer being able to authenticate themselves to konfipay. The new key must then also be added again in the external application.

Add key

Using Add, a new API key can be generated. First, this requires a title, e.g. with the name of the application for which the key is to be used.

Authorizations of the key

The Authorizations of the key can also be specified, i.e. which API functions can be accessed with the key. For example, if an application is to be used only to retrieve account transactions, it may make sense for security reasons to allow the key only for banking documents.