Ensure managed Cart API keys exist
Creates any missing managed RevKeen Cart publishable and secret keys for the authenticated merchant. Newly created key values are returned once; existing secret values are never re-exposed.
Related endpoints
GET /cart-api-keys/status— Get managed Cart API key statusPOST /cart-api-keys/{kind}/rotate— Rotate a managed Cart API key
Common errors
401 unauthenticated— missing, malformed, or revoked API key.403 permission_denied— key lacks the required scope, or the resource belongs to a different merchant.
Idempotency
Pass an Idempotency-Key header (UUID v4 recommended) to make retries safe. Keys are valid for 24 hours; see the idempotency guide.
x-api-key<token>
Your RevKeen API key (powered by Unkey). Get it from Dashboard > Settings > API Keys. Use rk_sandbox_* for test mode and rk_live_* for production.
In: header
Response Body
application/json
application/json
application/json
Stuck on an error response? Ask the RevKeen assistant to explain it.
curl -X POST "https://api.revkeen.com/v2/cart-api-keys/ensure" \
-H "x-api-key: $REVKEEN_API_KEY"{
"success": true,
"data": {
"publishable": {
"kind": "publishable",
"present": true,
"active": true,
"id": "string",
"unkey_key_id": "string",
"scopes": [
"string"
],
"created_at": "string",
"last_used_at": "string",
"revoked_at": "string"
},
"secret": {
"kind": "publishable",
"present": true,
"active": true,
"id": "string",
"unkey_key_id": "string",
"scopes": [
"string"
],
"created_at": "string",
"last_used_at": "string",
"revoked_at": "string"
},
"ready": true,
"created": [
"publishable"
],
"publishable_api_key": "string",
"secret_api_key": "string"
}
}{
"error": "string"
}{
"error": "string"
}