Skip to main content
POST
https://api.zbdpay.com
/
api
/
v1
/
rewards
/
app
/
{rewardsAppId}
/
api-key
Create an API Key
curl --request POST \
  --url https://api.zbdpay.com/api/v1/rewards/app/{rewardsAppId}/api-key \
  --header 'Authorization: <authorization>' \
  --header 'z-client: <z-client>'
{
  "success": true,
  "message": "API key created successfully. Please save this key securely as it will not be shown again.",
  "data": {
    "id": "78b411d8-1f61-4824-97c6-e3c3a571f1c5",
    "apiKey": "sdk_live_cbe66d6f0a60e2a8c0b2ac2831db8909d736409cadb78bce9ad94954259d8c88",
    "createdAt": "2025-10-29T13:58:11.602Z"
  }
}
Generate an API key for your Rewards App to authenticate server-side reward requests.
This key authorizes your backend to send rewards securely without exposing credentials to the client.
Store this key securely, it will not be displayed again after creation. Save it immediately in your environment variables or secrets manager.

Configuration

Header Parameters

z-client
string
required
Client identifier (use “developer-dashboard” )
Authorization
string
required
Bearer token for authenticationFormat: Bearer {JWT_TOKEN}

Path Parameters

rewardsAppId
string
required
Your Rewards App ID.
{
  "success": true,
  "message": "API key created successfully. Please save this key securely as it will not be shown again.",
  "data": {
    "id": "78b411d8-1f61-4824-97c6-e3c3a571f1c5",
    "apiKey": "sdk_live_cbe66d6f0a60e2a8c0b2ac2831db8909d736409cadb78bce9ad94954259d8c88",
    "createdAt": "2025-10-29T13:58:11.602Z"
  }
}

Response Fields

FieldTypeDescription
successbooleanWhether the request was successful
messagestringDescription of the result
dataobjectContains API key details
idstringUnique identifier for this API key
apiKeystringThe actual API key to use for server authentication. Store securely!
createdAtstringISO 8601 timestamp of when the key was created

Response Status Codes

CodeDescription
201API key created successfully
400Bad request - invalid UUID
401Unauthorized - authentication required
403Forbidden - developer does not own this app
409Conflict - race condition detected
500Internal server error
 
{
  "success": false,
  "message": "Invalid UUID"
}
This API key will only be shown once in the response. If you lose it, you’ll need to create a new key and revoke the old one.

Code Examples

const rewardsAppId = 'YOUR_REWARDS_APP_ID';
const jwtToken = 'YOUR_JWT_TOKEN';

const response = await fetch(`https://api.zbdpay.com/api/v1/rewards/app/${rewardsAppId}/api-key`, {
  method: 'POST',
  headers: {
    'z-client': 'developer-dashboard',
    'Authorization': `Bearer ${jwtToken}`
  }
});

const data = await response.json();

if (data.success) {
  console.log('API Key created:', data.data.apiKey);
  // IMPORTANT: Store this key in your environment variables
  // It will not be shown again!
} else {
  console.error('Error:', data.message);
}

Try It Out

Ready to create your first API key? Use our API playground on the right to test with your JWT token.

What’s Next?

Now that you’ve created an API key, your backend can authenticate securely with the ZBD Rewards API.
In the next step, you’ll learn how to send rewards directly from your server using the v2 API endpoint.