circle-exclamation
This documentation is currently under development. Certain sections are not yet complete and will be added shortly.
search
Ctrlk
HomeDocumentation

ApiKeys

hashtag
List API keys for the tenant

get
/api/{tenantId}/admin/apiKeys

Returns all API key definitions stored in security.yml. Key hashes are never included in responses.

hashtag
Authorization

Requires tenant.apiKey:read scope.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
tenantIdstringRequired
Responses
chevron-right
200

API keys returned.

API key definition returned by list and get endpoints. The key hash is never exposed.

or
get
/api/{tenantId}/admin/apiKeys
200

API keys returned.

hashtag
Create a new API key

post
/api/{tenantId}/admin/apiKeys

Generates a cryptographically secure token, stores its SHA-256 hash in security.yml, and returns the plaintext token in the response. The token is only returned once — copy it immediately.

hashtag
Authorization

Requires tenant.apiKey:write scope.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
tenantIdstringRequired
Body

Request body to create an API key.

namestring · min: 1Required

Key name. Only alphanumeric characters, hyphens, underscores and dots are allowed.

enabledbooleanOptional

Whether this key is active. Defaults to true.

permissionsstring[]Optional

List of permission scopes granted to this key. Use ["*"] for full access.

Responses
post
/api/{tenantId}/admin/apiKeys

hashtag
Get a specific API key

get
/api/{tenantId}/admin/apiKeys/{keyName}

Returns the API key definition identified by keyName. The key hash is never returned.

hashtag
Authorization

Requires tenant.apiKey:read scope.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
keyNamestringRequired
tenantIdstringRequired
Responses
chevron-right
200

API key returned.

API key definition returned by list and get endpoints. The key hash is never exposed.

or
get
/api/{tenantId}/admin/apiKeys/{keyName}

hashtag
Update an API key

put
/api/{tenantId}/admin/apiKeys/{keyName}

Replaces the enabled and permissions fields of the key. The key name and the stored hash are not changed.

hashtag
Authorization

Requires tenant.apiKey:write scope.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
keyNamestringRequired
tenantIdstringRequired
Body

Request body to update an API key.

enabledbooleanRequired

Whether this key is active.

permissionsstring[]Optional

New list of permission scopes. Use ["*"] for full access.

Responses
chevron-right
200

API key updated.

API key definition returned by list and get endpoints. The key hash is never exposed.

or
put
/api/{tenantId}/admin/apiKeys/{keyName}

hashtag
Delete an API key

delete
/api/{tenantId}/admin/apiKeys/{keyName}

Removes the API key entry from security.yml. The key immediately stops working.

hashtag
Authorization

Requires tenant.apiKey:write scope.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
Authorizations
OAuth2implicitRequired
Authorization URL:
Path parameters
keyNamestringRequired
tenantIdstringRequired
Responses
delete
/api/{tenantId}/admin/apiKeys/{keyName}
No content

Last updated