Partner API Token Generation

This guide explains how e-commerce partners can generate API tokens to access protected endpoints in the Nowpost API.

Endpoint

POST /partner/api-keys

Authentication

  • You must be an authenticated partner to generate an API key.
  • Use your login credentials to obtain an access token via /auth/login.
  • Include the access token in the Authorization header as a Bearer token.

Request

Headers:

Authorization: Bearer <access_token>
Content-Type: application/json

Body:

{
  "name": "Production API Key", // required
  "description": "API key for my e-commerce integration", // optional
  "permissions": ["orders:read", "orders:create"], // optional, array of permission strings
  "expiresAt": "2025-12-31T23:59:59Z" // optional, RFC3339 format
}

Response

201 Created

{
  "apiKey": {
    "id": "api-key-id",
    "name": "Production API Key",
    "permissions": ["orders:read", "orders:create"],
    "isActive": true,
    "createdAt": "2025-08-12T12:00:00Z",
    "updatedAt": "2025-08-12T12:00:00Z",
    "expiresAt": "2025-12-31T23:59:59Z", // optional
    "lastUsedAt": null // optional
  },
  "keyString": "generated_api_key_value", // The actual API key value (only shown once)
  "warning": "This key will only be shown once. Please save it securely."
}

Note: The keyString (API key value) will only be shown once in the response. Save it securely; it cannot be retrieved again.
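
The request and the one-time keyString handling described above, as an added example (not Nowpost's own code): it builds the POST /partner/api-keys request with an explicit expiry and writes the returned key to an owner-only file. BASE_URL, the function names, the ttl_days parameter and the sample response are assumptions constructed for illustration.

```python
import json
import os
from datetime import datetime, timedelta, timezone
from urllib.request import Request

BASE_URL = "https://api.example.invalid"  # placeholder: the page does not give the host

# Constructed sample: the 201 body shown above, minus the explanatory comments.
SAMPLE_RESPONSE = json.dumps({
    "apiKey": {"id": "api-key-id", "name": "Production API Key",
               "permissions": ["orders:read", "orders:create"], "isActive": True,
               "expiresAt": "2025-12-31T23:59:59Z", "lastUsedAt": None},
    "keyString": "generated_api_key_value",
    "warning": "This key will only be shown once. Please save it securely.",
})


def build_key_request(access_token, name, permissions, ttl_days=90, now=None):
    """Build (without sending) POST /partner/api-keys for a scoped, expiring key."""
    if not name:
        raise ValueError("name is required")  # the API answers 400 without it
    now = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    # expiresAt must be RFC3339; always setting it bounds the lifetime of a leaked key.
    expires = (now + timedelta(days=ttl_days)).strftime("%Y-%m-%dT%H:%M:%SZ")
    body = {"name": name, "permissions": sorted(set(permissions)), "expiresAt": expires}
    return Request(
        BASE_URL + "/partner/api-keys",
        data=json.dumps(body).encode(),
        method="POST",
        # access_token comes from /auth/login; an API key here is rejected with 403.
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
    )


def store_key_once(response_text, path):
    """Write keyString to an owner-only file; return metadata that is safe to log."""
    doc = json.loads(response_text)
    # O_EXCL refuses to overwrite an existing key file; 0o600 means owner read/write only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(doc["keyString"])
    return doc["apiKey"]  # no secret in here
```

Log or display only the value returned by store_key_once; the key itself stays in the file and is read from there when building the Authorization header.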

Usage

Use the generated API key as your authentication token in the Authorization header for requests to protected endpoints.

Example:

Authorization: Bearer generated_api_key_value

Error Responses

  • 400 Bad Request: Invalid request payload, missing required fields, or invalid expiration date format (must be RFC3339).
  • 401 Unauthorized: Authentication failed or missing token.
  • 403 Forbidden: Partner API keys cannot create additional API keys.
  • 500 Internal Server Error: Server error.

For more details, see the API Reference.