> ## Documentation Index
> Fetch the complete documentation index at: https://docs.minisend.xyz/llms.txt
> Use this file to discover all available pages before exploring further.

# API keys

> Generate, copy, and revoke API keys to authenticate checkout session requests from your backend. Keys use the ms_live_ prefix and are shown only once.

API keys authorise your backend to create checkout sessions. **Dashboard → API Keys**.

<Warning>
  Never put keys in frontend code, mobile apps, or public repos. Backend env vars only.
</Warning>

## Format

```text theme={null}
ms_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

The list shows a shortened preview (e.g., `ms_live_abc123...`). The full key is shown **once** at creation — Minisend stores only a hash.

## Generate

<Steps>
  <Step title="Open API Keys">
    Sidebar → **API Keys**.
  </Step>

  <Step title="New Key">
    Top-right button.
  </Step>

  <Step title="Name it">
    e.g., `Production` or `Staging`. Blank defaults to `Default`.
  </Step>

  <Step title="Copy now">
    The key appears in a banner. Copy and store it — closing or dismissing the banner means generating a new key.
  </Step>
</Steps>

<Note>
  Create multiple keys (one per environment). Revoking one doesn't affect the others.
</Note>

## Use in requests

```text theme={null}
Authorization: Bearer ms_live_{your_key}
```

```bash theme={null}
curl -X POST https://merchant.minisend.xyz/api/merchant/checkout \
  -H "Authorization: Bearer ms_live_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "amount": 25.00,
    "description": "Order #123",
    "external_id": "order_123"
  }'
```

## Revoke

Hover the row → click the trash icon. Deactivated immediately — subsequent requests return `401`.

<Warning>
  Revocation is permanent. If a production server uses the key, update its env var first.
</Warning>

## Best practices

* Rotate periodically, immediately if exposed.
* Separate keys per environment.
* Set as a server-side env var (`MINISEND_API_KEY`), never hardcode.
* Accidentally committed to a public repo → revoke and regenerate.
