# API keys and scopes

> Bearer authentication and scopes for Public Merchant API v1.

## Authentication

```
Authorization: Bearer sk_live_...
```

* Store-scoped: one store per key
* Hashed at rest (SHA-256); the dashboard shows the `sk_live_` prefix with the first 12 chars
* Cannot access Merchant Admin session APIs

Create keys in [Get API credentials](/getting-started/get-api-credentials).

## Default developer scopes

| Scope                                        | Access                             |
| -------------------------------------------- | ---------------------------------- |
| `invoices:read`                              | List and read invoices             |
| `invoices:write`                             | Create and cancel invoices         |
| `transactions:read`                          | Read on-chain payment transactions |
| `payment_links:read` / `payment_links:write` | Payment links                      |
| `webhooks:read` / `webhooks:write`           | Webhook endpoints and deliveries   |

Use `transactions:read` (not legacy `payments:read`).

## WooCommerce keys

| Key       | Scopes                                         | Use                          |
| --------- | ---------------------------------------------- | ---------------------------- |
| Bootstrap | `woocommerce:bootstrap`                        | Connect only (24h)           |
| Dedicated | `invoices:create`, `invoices:read`, Woo scopes | Plugin runtime (auto-issued) |

Dedicated keys cannot access payment links, transaction list, or developer webhook management.

## Scope errors

HTTP `403`:

```json
{
  "error": {
    "type": "permission_error",
    "code": "INSUFFICIENT_SCOPE",
    "message": "Missing transactions:read scope"
  }
}
```
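
One way a client can handle this response, as an added example that is not part of the original documentation or any official SDK: it treats `INSUFFICIENT_SCOPE` as non-retryable, extracts the missing scope, and keeps the full key out of error text. The names `check_response`, `mask_key`, `InsufficientScope` and `DEVELOPER_ONLY` are hypothetical, and the "Missing <scope> scope" message format is assumed from the single sample above.

```python
import json
import re

# Scopes the page says WooCommerce dedicated keys cannot use
# (payment links, transaction list, developer webhook management).
DEVELOPER_ONLY = {"transactions:read", "payment_links:read", "payment_links:write",
                  "webhooks:read", "webhooks:write"}

# Constructed sample: the 403 body shown above, as a raw response string.
SAMPLE_403 = ('{"error": {"type": "permission_error", "code": "INSUFFICIENT_SCOPE", '
              '"message": "Missing transactions:read scope"}}')

class InsufficientScope(Exception):
    """403 INSUFFICIENT_SCOPE: retrying with the same key cannot succeed."""
    def __init__(self, scope, hint):
        super().__init__(hint)
        self.scope, self.hint = scope, hint

def mask_key(key, shown=12):
    # Assumption: log only the first 12 characters, like the dashboard display.
    return key[:shown] + "..."

def check_response(status, body, api_key):
    """Return the parsed JSON body, or raise on an error response."""
    try:
        data = json.loads(body) if body else {}
    except ValueError:
        data = {}
    err = data.get("error") if isinstance(data, dict) else None
    err = err if isinstance(err, dict) else {}
    if status == 403 and err.get("code") == "INSUFFICIENT_SCOPE":
        # Assumption: the message always reads "Missing <scope> scope".
        m = re.fullmatch(r"Missing (\S+) scope", str(err.get("message", "")))
        scope = m.group(1) if m else None
        hint = f"key {mask_key(api_key)} lacks {scope or 'a required scope'}"
        if scope in DEVELOPER_ONLY:
            hint += "; not available to WooCommerce dedicated keys, use a developer key"
        raise InsufficientScope(scope, hint)
    if status >= 400:
        raise RuntimeError(f"HTTP {status}: {err.get('code', 'unknown error')}")
    return data
```

Callers should catch `InsufficientScope` separately from transient failures so that a permission problem surfaces to an operator instead of entering a retry loop.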

## Related pages

* [API key security](/security/api-key-security)
* [Authentication errors](/api-reference/errors)
