title: API Keys

description: Create and manage API keys for authenticating Wontopos API requests.

API Keys

API keys are the simplest way to authenticate with the Wontopos API. They are long-lived tokens tied to your account.

Creating a key

1. Go to Settings → API Keys in your dashboard
2. Click Create new key
3. Give it a descriptive name (e.g. production-backend)
4. Select the scopes you need
5. Copy and securely store the key — it is only shown once

Key types

Using your key

Include the key in the Authorization header of every request:

GET /v1/marketplace/apis HTTP/1.1
Host: api.wontopos.com
Authorization: Bearer sk_live_your_key_here

# cURL
curl https://api.wontopos.com/v1/marketplace/apis 
  -H "Authorization: Bearer sk_live_your_key_here"

// JavaScript
const res = await fetch("https://api.wontopos.com/v1/marketplace/apis", {
  headers: {
    Authorization: "Bearer sk_live_your_key_here",
  },
});

# Python
import requests

resp = requests.get(
    "https://api.wontopos.com/v1/marketplace/apis",
    headers={"Authorization": "Bearer sk_live_your_key_here"},
)

Key rotation

To rotate a key without downtime:

1. Create a new key in the dashboard with the same scopes
2. Update your services to use the new key
3. Verify requests succeed with the new key
4. Delete the old key

Rate limits per key

Each API key has its own rate limit allocation.

When rate limited, the API returns 429 Too Many Requests with a Retry-After header.

Revoking a key

Delete a key from Settings → API Keys in the dashboard. Requests using the deleted key will immediately return 401 Unauthorized.