Settings & API Keys
Merchant settings and API key management. All endpoints require the x-wallet header.
Settings
Get Settings
GET /api/settings
curl -H "x-wallet: 0xYourWallet" https://api.cyberpay.org/api/settingsReturns merchant custom settings (JSON object), returns {} if not set.
Update Settings
PUT /api/settings
{
"storeName": "My Store",
"webhookUrl": "https://example.com/webhook",
"defaultToken": "USDC",
"defaultChain": "eip155:8453"
}Body is arbitrary JSON, upserted as a whole.
Delete All Settings
DELETE /api/settings/all
API Keys
List Keys
GET /api/keys
[
{
"id": "uuid-xxx",
"key": "cpk_abc123...",
"label": "Production Key",
"permissions": ["pay", "read"],
"monthlyBudget": "10000",
"maxPerTx": "1000",
"enabled": true,
"usedBudget": 250.5,
"createdAt": "2026-03-01T00:00:00Z"
}
]Create Key
POST /api/keys
{
"label": "Production Key",
"permissions": ["pay", "read", "write"],
"monthlyBudget": "10000",
"maxPerTx": "1000"
}Response (secret is returned only once at creation):
{
"id": "uuid-xxx",
"key": "cpk_abc123...",
"secret": "cps_def456...",
"createdAt": "2026-03-23T12:00:00Z"
}| Field | Type | Description |
|---|---|---|
label | string | Key label |
permissions | string[] | Permission list |
monthlyBudget | string | Monthly budget limit |
maxPerTx | string | Per-transaction limit |
Enable/Disable Key
PUT /api/keys/{id}/toggle
{ "enabled": false }Regenerate Secret
POST /api/keys/{id}/regenerate
{ "secret": "cps_newSecret..." }Delete Key
DELETE /api/keys/{id}
{ "ok": true }Secrets are stored using HMAC-SHA256 hashing and are irreversible.