For AI agents and LLMs: a structured documentation index is available at /llms.txt. Every page has a Markdown sibling — append .md to any URL.

Skip to content
Docs

Programmatically create and manage client-side tokens

Use new client-side token API operations and webhooks to automate your frontend integrations with Paddle.

Tooling

  • API
  • Paddle.js

Released

July 7, 2025

Status

Released

API version

Version 1

What's new?

We've introduced new API operations and webhooks to create, fetch, list, and revoke client-side tokens, plus new webhook events to notify you when client-side tokens are created or revoked.

How it works

Paddle.js is our client-side library used to integrate Paddle on the frontend. Client-side tokens are the required method of authentication for Paddle.js. You provide client-side tokens when initializing Paddle.js.

Previously, you had to create and manage your client-side tokens through the dashboard. Now, you can create, fetch, list, and revoke client-side tokens through the Paddle API, and get notified with events when client-side tokens are created or revoked through the dashboard or the API.

Third-party integrations may also use these client-side token operations or webhooks to streamline your implementation of Paddle, support web payments through Paddle, or enable powerful new functionalities — like the RevenueCat integration. You can give API keys with Client-side token (Read) (client_token.read) and Client-side token (Write) (client_token.write) permissions to third-party integrations to enable these features.

You should only grant these permissions if they're required. Not all integrations use Paddle.js or have features that use these operations and webhooks.

Next steps

This change is available in version 1 of the Paddle API.

It's a non-breaking change, meaning it doesn't impact existing integrations. Permissions for existing API keys haven't been updated to include client_token.read or client_token.write.

Read more about client-side tokens and Paddle.js to explore their capabilities, and more about API keys and permissions to understand how to grant access to third-party apps safely.

Summary of changes

Client tokens

Feature

API keys

Feature

Was this page helpful?