Skip to main content
The Configuration API provides endpoints for managing accounts, API keys, event listeners, and access privileges within Commerce V1. These endpoints control how your integration authenticates, receives events, and accesses resources.

Account Management

Accounts represent organizational units within Commerce V1 and define capabilities for payment processing. Each account has specific payment instrument enablement (cards, SEPA, ACH, bank transfers) and platform payment features. Account operations include:
  • List accounts: Query all accounts accessible to your API key
  • Get account details: Retrieve specific account configuration and capabilities
  • Authenticate account: Verify account access and retrieve account information
  • Find by key: Locate accounts using configured key values

API Key Management

API keys provide authentication for accessing Commerce V1 endpoints. You can create multiple API keys per account for different environments or use cases. Key management capabilities:
  • Create API keys: Generate new keys with specific permissions
  • List API keys: View all keys associated with an account
  • Delete API keys: Revoke keys when no longer needed
Each API key is scoped to a specific account and inherits that account’s capabilities and access privileges.

Event Listeners

Event listeners configure how Commerce V1 delivers CloudEvents to your integration services. Listeners define target URLs, authentication methods, and event filtering rules. Listener configuration includes:
  • Create listeners: Configure new event delivery endpoints
  • Update listeners: Modify listener configuration and filters
  • OAuth settings: Configure OAuth 2.0 authentication for event delivery
  • List and retrieve: Query configured listeners and their settings
  • Delete listeners: Remove event listeners when no longer needed
Listeners use mutual TLS (mTLS) for secure event delivery over the event bridge. For OAuth-enabled listeners, Commerce V1 handles token acquisition and refresh automatically.

Privileges and Access Control

The privileges system controls access to specific resources within your account. Privileges define which API keys or services can access particular customers, payment methods, or other resources. Access control features:
  • Create privileges: Define new access rules for resources
  • Manage resources: Associate resources with privilege grants
  • Query privileges: List and retrieve privilege configuration
  • Revoke access: Delete privileges to remove access
Privileges are particularly important in multi-tenant scenarios where you need to isolate customer data or restrict access to specific payment instruments.

Security Considerations

When configuring accounts and access control:
  • Rotate API keys regularly and immediately revoke compromised keys
  • Use separate API keys for different environments (Test vs Production)
  • Configure event listeners with strong authentication (OAuth 2.0 preferred)
  • Apply principle of least privilege when granting resource access
  • Monitor API key usage and listener activity for anomalies