API Keys Management

Create, list, and revoke API keys. These endpoints require JWT session authentication (not API key auth).

List Keys

GET /v1/keys

Response

{
  "keys": [
    {
      "id": "ak_abc123",
      "name": "Production",
      "key_prefix": "sk_live_a1b2c3d4",
      "scopes": "[\"chat\",\"agents\"]",
      "rate_limit_rpm": 60,
      "is_active": true,
      "last_used_at": "2026-05-07T12:00:00Z",
      "created_at": "2026-05-01T10:00:00Z"
    }
  ]
}

Create Key

POST /v1/keys

Request

{
  "name": "Production Widget",
  "space_id": "group_soporte",
  "scopes": ["chat", "agents"]
}

Response

{
  "id": "ak_xyz789",
  "key": "sk_live_a1b2c3d4e5f6...",
  "prefix": "sk_live_a1b2c3d4",
  "message": "API key created. Save it now — it cannot be retrieved again."
}

warning

The full API key is returned only once at creation time. Store it securely. If lost, create a new key and revoke the old one.

Revoke Key

DELETE /v1/keys/:id

Response

{ "success": true, "message": "API key revoked" }

List Keys​

Response​

Create Key​

Request​

Response​

Revoke Key​

Response​

List Keys

Response

Create Key

Request

Response

Revoke Key

Response