πGetting API Keys
API Keys are the βpower toolsβ of DevPayr. You donβt have to use them β but if you want deeper control, automation, or backend-level access to your project, an API key is your best friend.
If License Keys are your appβs ID card, API Keys are your admin pass: they unlock more abilities, more flexibility, and more integrations.
Letβs walk through everything you need to know.
π§ What Are API Keys?
An API Key is a secure credential that allows your backend or external systems to interact with DevPayr programmatically.
With an API key, you can:
Create or list licenses
Fetch license details
Suspend or reactivate licenses
Manage project domains
Handle injectables
Access project metadata
Use service classes in SDKs
Automate workflows and internal tools
But hereβs the important part:
β οΈ API Keys are optional. You only need them if you want to perform extra operations beyond simply validating a license. License validation can work on its own with just the License Key.
πΉ When Should You Use an API Key?
Use an API Key if:
Youβre building dashboards, admin tools, or internal automation
You want your backend to create/update licenses
You need to check payment status programmatically
You want to upload or fetch injectables
You have advanced DevOps or CI/CD workflows
You want access to DevPayr SDK service classes (projects, domains, payments, etc.)
Do not use an API key if:
You only need license validation
Youβre calling from the frontend (API keys must stay private!)
You donβt need programmatic control
π οΈ How to Generate an API Key
Follow these steps inside your DevPayr dashboard:
1. In the sidebar, click βAPI Keysβ
The API Keys page lists all keys youβve created so far.
2. Click βCreate New Keyβ
This opens the creation form.
3. Choose which project the key belongs to
Select Attach to Project β choose a specific project
Or leave it as Global Key if your plan supports global keys
A project-scoped key can only act within one project. A global key can operate across all your projects.
4. Select the Scopes for this key
Scopes define exactly what the key is allowed to do.
Examples include:
Read projects
List licenses
Create licenses
Manage domains
Manage injectables
Access payments
Update project configurations
Think of scopes like permission levels β give the key only what it needs, nothing more.
π‘ Tip: If a contractor only needs to read license information, give them a read-only scope. No need to grant them βfull empire control.β
5. (Optional) Set an Expiration Date
Expiration dates are extremely useful when:
Giving temporary access to teammates
Working with contractors
Running short-term integrations
Testing API workflows
If you leave it empty, the key never expires (until you revoke it).
6. Click βCreateβ and copy your key
Once generated:
Store the key securely
Never expose it in public code
Never use it in frontend environments
Rotate or revoke it when no longer needed
π API Key Security Best Practices
Never expose API keys in JavaScript, browser code, or HTML
Store them in environment variables on your server
Rotate them regularly if used by third parties
Use scopes to limit abilities
Use expiration dates for temporary access
Treat them like real credentials β because they are
π If someone gets your API key, they can act on your behalf. Please donβt let βsomeoneβ be your frontend users.
π You Now Have an API Key
With your API key ready:
You can now use service classes in the SDKs
You can automate license management
You can build integrations, dashboards, or admin tools
You can access advanced project-level features
Last updated