Learn how API authentication works in PowerBoard
PowerBoard has two ways to authenticate requests, API key or Access tokens. You will be able to manage these within the PowerBoard dashboard. API keys carry full privileges to interact with the PowerBoard API, while Access tokens can be controlled in scope to only have specific permissions as created by yourself as the merchant.
Authentication is handled via HTTP headers in the request. API keys use the x-user-secret-key header and Access tokens use the x-access-token header.
It is important to keep your keys safe and secure within your environment. Do not hardcode these into your integration and they should only be used on your backend (server-side).
Managing your keys
You can find and manage your API keys and access tokens within the PowerBoard Merchant Portal. You will be able to create, pause, or reset your keys immediately via the portal.
API key
You can find your API key clicking the dropdown on your merchant name in the top left hand side of the dashboard and going to My Company > API & Settings. Here you will find both your Public and Private API keys and reset or pause them as necessary.
Access tokens
You can find the Access tokens area within the PowerBoard Merchant Portal by navigating to the dropdown on your merchant name in the top left hand side and going to Access Tokens. Here you can create and manage your existing Access tokens. Access tokens allow you to create a token that has granular permissions on which API endpoints it can interact with.