All endpoints require authentication. API keys are scoped to the authenticated company — you cannot view or delete keys belonging to other companies.
POST /v1/keys
Creates a new API key for the authenticated company. Optionally attaches a human-readable label.
Request body (optional)
Response 201
Example
GET /v1/keys
Lists all API keys for the authenticated company. Key values are returned in full — treat this response as sensitive.
Response 200
Example
DELETE /v1/keys/:key
Deletes an API key. The key is immediately invalid for future requests. You cannot delete the last key for a company (that would lock you out).
This action is irreversible. Any service using the deleted key will receive 401 Unauthorized on its next request.
Path parameters
Response 200
Error responses
Example