gak_live_*) target production; test keys (gak_test_*) target a sandbox with isolated data and no real Stripe charges. The secret value is returned exactly once at creation — there is no way to retrieve it later. By the end of this page you will know which endpoints exist and the lifecycle rules that govern them.
What a token looks like
Metadata is freely readable; the secret never appears on a read.Endpoints
List all tokens in the workspace. Create a new API token. Secret returned once. Fetch token metadata. Never the secret. Issue a new secret and invalidate the old one. Permanently revoke the token.Rules to know before you call
Common errors
Related
Authentication
How keys and OAuth session tokens work, including the scope model and rotation discipline.