Manage API keys

POST /v1/api-keys

Create a key

POST /v1/api-keys with {"name": "Production backend", "scope": "send_only", "mode": "live"}. Requires a full_access key (or dashboard session). Returns 201 with the full key, shown exactly once:

{
  "id": "...",
  "name": "Production backend",
  "prefix": "sk_live_84f8e388...",
  "scope": "send_only",
  "mode": "live",
  "key": "sk_live_84f8e38852d4df0db712ba0e4c7569e67471d41a",
  "revoked": false,
  "created_at": "..."
}

List keys

GET /v1/api-keys returns all keys with masked prefixes, scopes, modes, and last_used_at. The full key is never returned again.

Revoke a key

DELETE /v1/api-keys/{id}. Takes effect immediately. A key cannot revoke itself, which keeps you from locking yourself out; use another full_access key.

Zero-downtime rotation

Create the replacement key
Deploy it
Revoke the old key