For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
GuidesAPI Reference
GuidesAPI Reference
  • Network API
  • Customer Request API
  • Management API
      • GETList API keys
      • POSTCreate API key
      • GETRetrieve API key
      • DELDelete API key
      • Api_key
      • Scopes
LogoLogo
Management APIAPI Keys

Create API key

POST
/api-keys
POST
/management/v1/api-keys
$curl -X POST https://api.cash.app/management/v1/api-keys \
>     -H "Accept: Accept" \
>     -H "X-Region: X-Region" \
>     -H "X-Signature: X-Signature" \
>     -H "User-Agent: User-Agent" \
>     -H "Content-Type: application/json" \
>     -d '{
>  "idempotency_key": "e345c3fb-1caa-46fd-b0d3-aa6c7b00ab19",
>  "api_key": {
>    "scopes": [
>      "PAYMENTS_READ"
>    ]
>  }
>}'
1{
2  "api_key": {
3    "id": "KEY_2f6cd0d5cc26b34ac8785026b149797ecc0758be3dc3a857d405f2f62074ef30",
4    "created_at": "2022-01-01T00:00:00Z",
5    "expires_at": "2022-02-01T00:00:00Z",
6    "scopes": [
7      "PAYMENTS_READ"
8    ],
9    "reference_id": "string"
10  },
11  "secret": "string"
12}
Creates a new API key and secret to use in the `Authorization` and `X-Signature` headers for requests to the Cash App Pay API. This key will automatically expire at the date and time specified in the `expires_at` field in the response payload. <Note title="Note"> The `secret` returned in the response payload is what you use to calculate the `X-Signature` header. The API key ID is only used to keep track of which API keys are active, and isn't considered secret. Keep in mind that the `secret` can never be retrieved in subsequent requests to the API, so make sure to store it immediately! </Note> **This endpoint is rate limited to 5 QPS.** Scopes: `API_KEYS_WRITE`
Was this page helpful?
Previous

Retrieve API key

Next
Built with

Creates a new API key and secret to use in the Authorization and X-Signature headers for requests to the Cash App Pay API. This key will automatically expire at the date and time specified in the expires_at field in the response payload.

Note

The secret returned in the response payload is what you use to calculate the X-Signature header. The API key ID is only used to keep track of which API keys are active, and isn’t considered secret. Keep in mind that the secret can never be retrieved in subsequent requests to the API, so make sure to store it immediately!

This endpoint is rate limited to 5 QPS.

Scopes: API_KEYS_WRITE

Headers

AcceptstringRequired
X-RegionstringRequired
X-SignaturestringRequired
User-AgentstringRequired

Request

idempotency_keystringRequired1-64 characters

A unique identifier which can be used by Cash App to de-duplicate retries of this request, making it idempotent. Learn more about idempotency in the API.

api_keyobjectRequired
Details about the API key to create.

Response

Created
api_keyobject
secretstring32-256 characters

Secret value to use when calculating the X-Signature header of requests.

This value is not returned when retrieving an API key, so make sure to store it immediately.

Min length: 32 Max length: 256

Errors

400
Bad Request Error