RevKeenDocs

Ensure managed Cart API keys exist

Creates any missing managed RevKeen Cart publishable and secret keys for the authenticated merchant. Newly created key values are returned once; existing secret values are never re-exposed.


Related endpoints

  • GET /cart-api-keys/status — Get managed Cart API key status
  • POST /cart-api-keys/{kind}/rotate — Rotate a managed Cart API key

Common errors

  • 401 unauthenticated — missing, malformed, or revoked API key.
  • 403 permission_denied — key lacks the required scope, or the resource belongs to a different merchant.

Idempotency

Pass an Idempotency-Key header (UUID v4 recommended) to make retries safe. Keys are valid for 24 hours; see the idempotency guide.

POST
/cart-api-keys/ensure
x-api-key<token>

Your RevKeen API key (powered by Unkey). Get it from Dashboard > Settings > API Keys. Use rk_sandbox_* for test mode and rk_live_* for production.

In: header

Response Body

application/json

application/json

application/json

Stuck on an error response? Ask the RevKeen assistant to explain it.
curl -X POST "https://api.revkeen.com/v2/cart-api-keys/ensure" \
  -H "x-api-key: $REVKEEN_API_KEY"
{
  "success": true,
  "data": {
    "publishable": {
      "kind": "publishable",
      "present": true,
      "active": true,
      "id": "string",
      "unkey_key_id": "string",
      "scopes": [
        "string"
      ],
      "created_at": "string",
      "last_used_at": "string",
      "revoked_at": "string"
    },
    "secret": {
      "kind": "publishable",
      "present": true,
      "active": true,
      "id": "string",
      "unkey_key_id": "string",
      "scopes": [
        "string"
      ],
      "created_at": "string",
      "last_used_at": "string",
      "revoked_at": "string"
    },
    "ready": true,
    "created": [
      "publishable"
    ],
    "publishable_api_key": "string",
    "secret_api_key": "string"
  }
}
{
  "error": "string"
}
{
  "error": "string"
}