By default, all API requests are made to the nil (global) environment. Other
environments can be created to segment your Keygen resources into buckets,
for example, for an isolated sandbox environment, or a shared production
environment.
An environment can be specified within the Keygen-Environment request header,
where the value of the header is an environment's ID or its code. When this
header is omitted, the global environment will be assumed.
Keygen-Environment: sandbox
Alternatively, an environment may also be provided in the following ways:
By using the environment query parameter: ?environment=sandbox
When the provided environment is blank or otherwise invalid, the request will
fail with a 400 bad request error response.
Any resource created within an environment will automatically be assigned
to that environment. Resources cannot be moved between environments.
Notes on isolation
Depending on the environment's isolation strategy, resources from the nil (global)
environment may be accessible from within another environment. For isolated environments,
no resources are accessible from outside the environment. For shared environments,
resources from the global environment are accessible in the shared environment,
but not resources from other isolated or shared environments.
For most use-cases, an isolated environment is likely the best choice. Due to that,
it is the default isolation strategy. An isolated environment will essentially act
as a Keygen account within your Keygen account, completely isolated from other
environments, including from all admins of the global environment. Admins and
other resources from the global environment are not able to authenticate in
an isolated environment.
Some use-cases, however, may call for a shared environment. For example, you
may have a QA environment that needs to create QA licenses for a policy in
the global environment. With a shared environment, this is possible.
Admins and other resources from the global environment are able to authenticate
in a shared environment, unlike with an isolated environment.
When accessing resources of the global environment from within a shared
environment, the global resources will be in a read-only state. You cannot
modify or otherwise mutate resources from outside of their assigned
environment.
Lastly, resource uniqueness, e.g. a license key or user email, is not unique
per-environment; resources remain unique per-account. Please keep this
in mind when creating environments.
The strategy used for isolating the environment from other environments.
Options
ISOLATED: The environment will be isolated from all other resources in other environments. This is effectively a separate Keygen account. This is the default.
SHARED: The environment will be shared with the global environment. All resources in the global environment will be available as read-only resources.
When creating an isolated environment, you will need to specify at least 1 embedded
admin via the data.relationships.admins relationship, because admins from the
global environment are not able to authenticate in an isolated environment.
Without at least 1 admin, the isolated environment would be inaccessible.
The strategy used for isolating the environment from other environments.
For more information on isolation strategies and their effects, please see Notes on Isolation.
Options
ISOLATED: The environment will be isolated from all other resources in other environments. This is effectively a separate Keygen account. This is the default.
SHARED: The environment will be shared with the global environment. All resources in the global environment will be available as read-only resources.
A 201 Created response will be returned along with the new environment object.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.
A 200 OK response will be returned along with an environment object.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.
Updates the specified environment resource by setting the values of the parameters
passed. Any parameters not provided will be left unchanged.
Renaming an environment code that is already in use may cause requests using
the old environment code to fail. We suggest making sure the existing code
is no longer in use before changing it, to prevent unintended request
failures.
A 200 OK response will be returned along with the updated environment object.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.
Permanently deletes an environment. The environment will immediately be removed, and all
resources in the environment will be queued for removal. It cannot be undone.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.
A 200 OK response will be returned along with a list of environment objects.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.
Generates a new environment token resource. Environment tokens do not expire.
Environment tokens must be generated in the environment they're for, e.g.
if you're generating a token for a sandbox environment, please ensure
you include a Keygen-Environment: sandbox header.
Environment tokens should not be included in any client-facing code, as
they offer full access to all of the environment's resources. Only use
these tokens server-side e.g. to integrate Keygen into a backend system,
consume webhooks, or to manage resources in response to events from
your payment provider.
array<string>default=["*"]ent onlyThese attributes are only available for accounts on an Ent tier.
The permissions for the token. Available permissions, dependent on the bearer, are covered here. By default, it is set to a wildcard `*`, which inherits all permissions from the token bearer.
A 200 OK response will be returned along with the new token object.
The token attribute of the token object, which is used for authentication,
is ONLY readable directly after creation. Please securely store this
value for later use, otherwise the token may need to be regenerated.
Upon error, an errors object will be returned along with an
HTTP status code indicating the type of error. When an error occurs, the
data property will not be included.