Key types
Tenant binding
Every API key belongs to one tenant account. Its requests can read and change only that account’s customers, wallet, configuration, webhooks, and reporting. Create and store credentials separately for every tenant account. Choose the credential before making a request; the key determines the account for every Treasury call. Never reuse an idempotency key across separate credential stores.Roles
Each key is bound to a role that scopes what it can do. Reads are available to your role’s scope. Value-affecting writes — creating a customer, a payment route, a webhook subscription, or an API key, or submitting a Treasury wallet operation — require a secret key with write access.Treasury scopes
Keys created without an explicit scope list retain their role-implied access for backwards
compatibility. When you provide a scope list, include the Treasury scopes your integration needs.
Direct-route transfers are recorded automatically when a customer funds a payment route. Treasury
is different: you create payouts, withdrawals and quoted wallet conversions against a prefunded
wallet owned only by the authenticated tenant account. See the Treasury
overview and API reference.
403.
Example request
401. See Errors for the full error shape.
