Managing sub-account API keys

Asaas allows the parent account to manage the API keys of its sub-accounts through specific endpoints. This functionality is ideal for partners who need to recover access to sub-accounts whose keys have been lost or expired.

How to enable access?

Due to the sensitivity of this operation, the management endpoints are blocked by default. To use them, it is necessary to perform a temporary release through the Asaas web interface.

1. Access the Integrations menu and click on API Keys.

2. Locate the Sub-account API Key Management section (visible only if you have sub-accounts).

3. Click on "Habilitar acesso".

🚧

Attention

• For security reasons, endpoint access is granted for 2 hours. After this period, access is automatically revoked and, if necessary, you will need to enable it again in the interface.
• These endpoints can only be accessed by your system and if you have the IP Whitelist setting enabled. Check out more details about the IP Whitelist functionality.

Using the endpoints

With access enabled, you can perform the following operations by authenticating with the parent account key:

1. List keys of a subaccount

   1. Retrieve the IDs and data of the active keys of a specific subaccount.
   2. View full route reference

2. Create a new key

   1. Generates a new API key for the specified subaccount.
   2. View full route reference

3. Update or Delete a key

   1. To edit settings or delete (revoke) a key, you will need the subaccount ID and the accessTokenId (key ID), which can be obtained from the listing or the creation response.
   2. View full route reference for Update and Delete