Operate
API Keys
API keys are Plane B credentials and must stay server-side.
Create and rotate
Use the backoffice or the Plane B API:
GET /internal/api-keysPOST /internal/api-keysPATCH /internal/api-keys/{id}DELETE /internal/api-keys/{id}
Handling rules
- Store keys in Vault or a dedicated secret manager.
- Never put keys in mobile apps.
- Never commit keys to Git.
- Scope keys by environment.
- Rotate keys when an operator leaves, a CI system changes, or logs suggest exposure.
Playground use
The API reference supports X-Plug-Wallet-Api-Key in the Authorize dialog. Only use sandbox keys in a browser playground.
Last modified on