---
title: "API keys"
description: "Create, list and revoke the API keys used to authenticate with Dravo."
section: "API reference"
url: https://dravo.dev/docs/api/api-keys
---
# API keys

API keys authenticate calls to the public API. These management endpoints use
the dashboard JWT. For how keys are used on requests, see
[authentication](/docs/authentication).

## List keys

Secrets are never returned; only a short prefix is shown for display.

#### `GET /v1/api-keys`

List your API keys (secrets are never returned).

**Auth:** Dashboard JWT only

Response `200`: Keys.

```json
[
  {
    "id": "key_1",
    "name": "Production",
    "key_prefix": "dra_live_8f2c",
    "environment": "live"
  }
]
```


## Create a key

The full secret is returned once in this response and never again. Store it
securely.

#### `POST /v1/api-keys`

Create an API key. The full secret is shown once in the response and never again.

**Auth:** Dashboard JWT only

| Field | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `name` | body | string | yes | 1 to 80 chars. |
| `environment` | body | string | no | live | test (default live). |

Request:

```json
{
  "name": "Production",
  "environment": "live"
}
```

Response `201`: Created (secret shown once).

```json
{
  "id": "key_1",
  "name": "Production",
  "key": "dra_live_8f2c…",
  "environment": "live"
}
```


## Revoke a key

Revocation is immediate.

#### `DELETE /v1/api-keys/{key_id}`

Revoke an API key immediately.

**Auth:** Dashboard JWT only

| Field | In | Type | Required | Description |
| --- | --- | --- | --- | --- |
| `key_id` | path | string | yes | Key to revoke. |

Response `204`: Revoked. No content.