> This is Payabli documentation. For a complete page index, fetch https://docs.payabli.com/llms.txt — append .md to any page URL for lightweight markdown. For section-level indexes, query parameters, and other AI-optimized access methods, see https://docs.payabli.com/ai-agents.md

# Manage API credentials (Portal)

> Create, refresh, update, and delete OAuth API credentials for your Payabli integration

Use the API Credentials screen to create and manage credentials for your Payabli integrations. Each credential consists of a Client ID and a Client Secret. Your integration exchanges them at the token endpoint for a short-lived Bearer access token, then sends that token on API requests. The Client ID and Secret themselves aren't sent on each call. See [OAuth authentication](/developers/oauth-authentication) for the full flow. Credentials are separate from [API tokens](/developers/api-tokens), which use a `requestToken` header.

Navigate to **Developers > API Credentials** in the Payabli Portal. The screen shows a filterable report of all credentials in your organization.

## Create credentials

Click **Add API Credential**.

Fill in the following fields:

* **Description** — Enter a descriptive name to identify this credential later.
* **Credential Lifetime** — Choose 30, 60, 90, or 120 days, or 1 year. Payabli recommends 90 days.

The **Organization** or **Paypoint** field shows the scope for this credential. It's determined by the entrypoint where you're creating it. Most integrations use organization-level credentials.

Select a permission group or search for individual permissions:

* Use the category checkbox to select all permissions in a category at once.
* Select individual permission buttons to fine-tune access.

<img alt="The permissions screen showing category checkboxes and individual permission buttons" src="https://files.buildwithfern.com/payabli.docs.buildwithfern.com/51e3b9720d15e4259bcf2a74ddc94d67a11b4f701f0dce3d336d9332ad9accf2/images/pay-ops-developer-api-credentials-permissions.png" />

Click **Generate Credentials**. Payabli generates a **Client ID** and a **Client Secret**.

The Client Secret is only shown once — copy both credentials and store them securely before leaving this page. You need both to request an access token.

Copying isn't the final step. The credential isn't created until you finish **Review** and click **Create Credential**. If you leave before then, no credential exists and the values you copied won't authenticate.

<img alt="The credential reveal screen showing the Client ID and Client Secret fields to copy" src="https://files.buildwithfern.com/payabli.docs.buildwithfern.com/30b8e8d312b5e315de5b2ca01267b2cee22b4caa69f492857f22ac710d1d45b4/images/pay-ops-developer-api-credentials-client-id-secret.png" />

To generate different credentials, click **Re-Generate Credentials** and copy the new values.

Click **Review** and verify the credential summary:

* Basic information: organization/paypoint, description, and credential lifetime
* The Client ID (the Client Secret is redacted in this view)
* A summary of all permissions associated with this credential, including the total count

<img alt="The review screen showing credential details, Client ID, and a summary of associated permissions" src="https://files.buildwithfern.com/payabli.docs.buildwithfern.com/d667b5e4ba60592415183e54406a5459dfea8046c302c5ce1621b32e21873cb9/images/pay-ops-developer-api-credentials-review.png" />

Click **Create Credential** to finish.

## Refresh credentials

You can renew credentials that are close to expiring without creating a new credential from scratch.

1. Use the filters to find the credentials you want to renew.

2. Click the three-dot icon in the row, then click **Edit Permissions**. This opens the renewal flow even if you don't need to change permissions.

3. Adjust any permissions if needed. If no changes are required, click **Next**.

4. Click the **Re-Generate Client Secret** link.

   <img alt="The Re-Generate Client Secret link in the credential refresh flow" src="https://files.buildwithfern.com/payabli.docs.buildwithfern.com/eda4ddc75acf601091b5eeb0c3d4c9102752250d105eedf089a015620eb0bf73/images/pay-ops-developer-api-credentials-regenerate.png" />

   If you skip this step, the original Client Secret continues to be used and expires on its original expiration date.

5. Copy the new Client Secret and update your application before proceeding.

6. Click **Review**, confirm the details, then click **Update Credential**.

The **Credential Lifetime** and **Last Updated** fields update in the report, and your new Client Secret becomes active immediately. The old secret stops working at the same time, with no overlap window, so update your integration as part of the rotation. Access tokens already issued keep working until they expire (their `expires_in`, for example one hour in sandbox).

## Update permissions

1. Use the filters to find the credentials you want to update.
2. Click the three-dot icon in the row, then click **Edit Permissions**.
3. Add or remove permissions, then click **Next**.
4. Click **Review**, confirm the changes, then click **Update Credential**.

If you also regenerate the Client Secret during this flow, update your application with the new secret before the old one expires.

## Delete credentials

Deleting credentials is permanent. Any integrations that use these credentials will stop authenticating.

1. Use the filters to find the credentials you want to delete.
2. Click the three-dot icon in the row.
3. Click **Delete API Credentials**.
4. Click **Delete** to confirm.