API keys are created and managed by you, in the PalCards dealer panel. A key is tied to your dealer account — anyone who has it can act as you — so treat it like a password.
Create a key
- Sign in to the PalCards dealer panel at https://cp.palcards.ps.
- Open API keys ("مفاتيح API") from the sidebar.
- Click Create new key ("إنشاء مفتاح جديد").
- Fill in:
- Key name ("اسم المفتاح") — a label so you can recognise it later, e.g. Production server. Required (min. 3 characters).
- Allowed IP list ("قائمة IP المسموحة") — the public IP address(es) your requests will come from, comma‑separated. Required in practice: a key with an empty allowlist is blocked from every request ("جميع الطلبات محظورة").
- Click Create ("إنشاء"). The full key is shown once — copy it now and store it securely. You will not be able to see it again ("لن تتمكن من رؤيته مرة أخرى").
The key looks like this (80 characters):
sk_prod_1a2b3c4d…
Manage your keys
The API keys table shows, for each key: a masked prefix, the allowed IPs, the created date, and the last‑used date. You can:
- Edit — change the key's name or its allowed IP list.
- Delete — immediately revoke the key. Deletion is the revoke action; there is no separate "disable".
The secret part of a key cannot be regenerated. If a key is lost or leaked, delete it and create a new one.
Rules to remember
- IP allowlist is mandatory. Only exact IPv4 addresses are accepted — no ranges / CIDR. List every server IP that will call the API.
- One‑time secret. The full key is shown only at creation.
- Dealer‑only. API keys are available on dealer accounts.
- Keys can't mint keys. API keys are created interactively in the panel only — there is no API endpoint to create one, and an API key cannot create another key.
Next: Authenticating requests.