API keys (TenaBill)
API keys authenticate your server-to-server calls to the TenaBill merchant API. Pass the key in the X-TenaBill-Api-Key header on every request from your backend.
Console: TenaBill merchant console → API keys (/api-keys)
Create a key
- Click Create key.
- Enter an optional Label to identify the key (e.g. "Production backend", "CI pipeline").
- Click Create.
- Copy the key immediately — TenaBill shows the full plaintext value only once at creation. After you close the dialog only the prefix is visible.
Store the key in your environment's secret manager (e.g. AWS Secrets Manager, Azure Key Vault, environment variables). Do not commit it to source control.
Key security
- Keys are stored encrypted at rest with ASP.NET Data Protection.
- The console displays only a prefix (e.g.
tbk_live_abc12...) after creation. - A lost key cannot be recovered — revoke it and create a new one.
Revoke a key
Click Revoke on any key row. A confirmation dialog appears before the key is invalidated. Revoked keys are rejected immediately on the next API call.
Rotate keys periodically and revoke any keys that may have been exposed.
Usage
http
POST /api/v1/console/customers
X-TenaBill-Api-Key: tbk_live_abc123...
Content-Type: application/json
{ "name": "Acme Corp", "email": "billing@acme.com" }All console-scoped API endpoints (/api/v1/console/...) require this header. Portal and public checkout endpoints use different auth.