Everything here is a thin layer over the same API your own services use. API keys created here work identically to keys created via Create an API key.
Outbound webhook setup is hidden for launch because delivery workers and retry handling are not enabled yet. Launch scope is limited to API keys, integration logs, and core API health.Three tabs are available: API keys, Integration logs, and API status.
API keys
Backed by the API key endpoints:- List API keys —
GET /v1/api-keys - Create an API key —
POST /v1/api-keys - Update an API key —
PATCH /v1/api-keys/{keyId} - Revoke an API key —
DELETE /v1/api-keys/{keyId}
api_keys_manage permission.
Creating a key
Select scopes
Pick one or more scopes for the key:
By default, new keys are pre-selected with
| Scope |
|---|
payment_intents:write |
payment_intents:read |
reconciliation_cases:read |
imports:write |
imports:read |
exports:read |
api_keys:manage |
payment_intents:read and reconciliation_cases:read.Set an expiry
Specify how many days from now the key should expire. The dashboard converts this to an absolute
expiresAt timestamp before calling the API.Save the plaintext key
On creation, the API returns the key’s plaintext value exactly once in the response. The dashboard shows it in a “Save your API key” step with a copy button and a warning:
This key will only be shown once. Copy it now and store it securely. After closing this dialog, only the prefix is visible.After this point, only the key’s
prefix is ever shown again — the plaintext cannot be retrieved later through the dashboard or the API.Editing and revoking
Selecting an existing key opens an edit modal where you can change itsname and scopes (Update an API key). Revoking a key (Revoke an API key) is irreversible — a revoked key’s status changes and it can no longer authenticate requests.
Integration logs
This tab shows a paginated list (five per page) of recent activity, sourced from List audit events (GET /v1/audit-events?limit=100). Each entry shows:
- A formatted timestamp (from
occurredAt) - The
actorthat performed the action, shown as the log’s source - A message — either the event’s
messagefield, or itseventTypeif no message was recorded
GET /v1/audit-events directly.
API status
This tab shows the operational status of the ReconLayer API your organization is calling, derived from Get API health (GET /health). The dashboard reports the service as Operational when the health check returns status: ok, along with the timestamp of the last successful check.
This tab reflects the live result of a health check against the API at request time — it is not a historical incident log. For build-your-own status pages or alerting, poll the health endpoint directly.
Outbound webhooks (not yet enabled)
The API includes a full set of outbound webhook endpoints for registering endpoints and inspecting delivery attempts:- List outbound webhook endpoints —
GET /v1/outbound-webhook-endpoints - Create an outbound webhook endpoint —
POST /v1/outbound-webhook-endpoints - Update an outbound webhook endpoint —
PATCH /v1/outbound-webhook-endpoints/{endpointId} - Delete an outbound webhook endpoint —
DELETE /v1/outbound-webhook-endpoints/{endpointId} - List outbound webhook events —
GET /v1/outbound-webhook-events - Queue an outbound webhook event —
POST /v1/outbound-webhook-events - Record an outbound webhook delivery attempt
webhooks_manage.
From here
Authentication
How to use API keys created here to authenticate requests.
List audit events
Query the same activity feed shown in Integration logs, with full filtering.
Get API health
Check API status directly, for example from a status page or monitor.
Audit
The full, filterable audit trail across cases, imports, and admin actions.