Organization API Keys
Organization API key management
List API keys
Create API key
Required Permissions:
apikey:write
Create API key
path Parameters
organization_idOrganization ID
Create API key › Request Body
Decision Table
| Variant | Matching Criteria |
|---|---|
| type = object | |
| type = object · requires: expiration_time, name, role_id |
Create API key › Responses
API key created successfully
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtokentoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_atGet API key
Required Permissions:
apikey:read
Get API key
path Parameters
organization_idOrganization ID
api_key_idAPI Key ID
Get API key › Responses
API key details
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_atUpdate API key
Required Permissions:
apikey:write
Update API key
path Parameters
organization_idOrganization ID
api_key_idAPI Key ID
Update API key › Request Body
Decision Table
| Variant | Matching Criteria |
|---|---|
| type = object | |
| type = object · requires: name |
Update API key › Responses
API key updated successfully
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_atRegenerate API key
Required Permissions:
apikey:write
Regenerates an API key by creating a new one with the same metadata and deleting the old one
path Parameters
organization_idOrganization ID
api_key_idAPI Key ID
Regenerate API key › Responses
New API key generated successfully
created_atdescriptionexpiration_timeidjwt_signing_key_idJWTSigningKeyID is the jwt_signing_keys row that signed the key's current token. Re-stamped on rotation. Empty when signed via the legacy HS256 path (no signing-key row), or for keys created before this was recorded.
nameorganization_idrole_idtokentoken_versionTokenVersion is the current generation of the key. It is embedded in
minted JWTs as the ver claim and bumped on rotation to invalidate
previously-issued tokens without changing the key's id.
updated_at