API keys authenticate calls to the public API. These management endpoints use the dashboard JWT. For how keys are used on requests, see authentication.
List keys
Secrets are never returned; only a short prefix is shown for display.
GET
/v1/api-keysList your API keys (secrets are never returned).
Auth: Dashboard JWT only
Response 200 Keys.
[
{
"id": "key_1",
"name": "Production",
"key_prefix": "dra_live_8f2c",
"environment": "live"
}
]Create a key
The full secret is returned once in this response and never again. Store it securely.
POST
/v1/api-keysCreate an API key. The full secret is shown once in the response and never again.
Auth: Dashboard JWT only
Parameters
| Field | In | Type | Required | Description |
|---|---|---|---|---|
| name | body | string | yes | 1 to 80 chars. |
| environment | body | string | no | live | test (default live). |
Request
{
"name": "Production",
"environment": "live"
}Response 201 Created (secret shown once).
{
"id": "key_1",
"name": "Production",
"key": "dra_live_8f2c…",
"environment": "live"
}Revoke a key
Revocation is immediate.
DELETE
/v1/api-keys/{key_id}Revoke an API key immediately.
Auth: Dashboard JWT only
Parameters
| Field | In | Type | Required | Description |
|---|---|---|---|---|
| key_id | path | string | yes | Key to revoke. |
Response 204 Revoked. No content.