API Keys

API keys are the intended application credential for integrating your own product with the SaaS AI platform. They are designed for developer-managed server environments and future SDK usage, not for direct browser embedding.

What API keys are

Use API keys when your application needs to:

  • call the platform without a signed-in dashboard user
  • integrate through future first-party SDKs
  • separate test and live environments
  • manage deployment-specific credentials cleanly

Environment model

The current app already models API keys with:

  • a label
  • a key prefix
  • an environment of test or live
  • creation, last-use, and revocation timestamps

That should become the stable public model for application credentials.

Lifecycle

API keys should support:

  • creation
  • one-time reveal of the raw key
  • rotation
  • revocation
  • environment separation between test and live workloads

The product should encourage using many narrowly named keys rather than one shared credential for every environment.
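
The lifecycle and environment model above, sketched as an added example; this is not the platform's own code. Assumptions not stated on this page: the sk_<environment>_ key format, the 12-character prefix, storing only a SHA-256 digest of the raw key, and rotation that revokes the old key immediately.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class ApiKeyRecord:
    label: str
    environment: str                      # "test" or "live"
    prefix: str                           # non-secret; safe to display and log
    digest: str                           # SHA-256 of the raw key; raw key is never stored
    created_at: datetime
    last_used_at: Optional[datetime] = None
    revoked_at: Optional[datetime] = None


def _now() -> datetime:
    return datetime.now(timezone.utc)


def create_key(label: str, environment: str) -> tuple[ApiKeyRecord, str]:
    """Return (record to persist, raw key to reveal to the caller exactly once)."""
    if environment not in ("test", "live"):
        raise ValueError("environment must be 'test' or 'live'")
    # Assumed format. 32 random bytes of entropy, so an unsalted fast hash is enough.
    raw = f"sk_{environment}_{secrets.token_urlsafe(32)}"
    digest = hashlib.sha256(raw.encode()).hexdigest()
    return ApiKeyRecord(label, environment, raw[:12], digest, _now()), raw


def verify(record: ApiKeyRecord, presented: str, environment: str) -> bool:
    """Accept only an unrevoked key presented to the environment it was issued for."""
    candidate = hashlib.sha256(presented.encode()).hexdigest()
    matches = hmac.compare_digest(candidate, record.digest)  # constant-time compare
    if not matches or record.revoked_at is not None or record.environment != environment:
        return False
    record.last_used_at = _now()
    return True


def rotate(record: ApiKeyRecord) -> tuple[ApiKeyRecord, str]:
    """Revoke the old key (assumed: immediately) and issue a same-scope replacement."""
    record.revoked_at = _now()
    return create_key(record.label, record.environment)
```

Because only the digest and prefix are persisted, a database leak does not expose usable credentials, and the prefix alone is enough to identify a key in the dashboard or in logs.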

Example workflow

Create an API key

curl -X POST "$API_BASE/api/settings/api-keys" \
  -H "Authorization: Bearer $USER_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "organizationId": "org_123",
    "label": "Production backend",
    "environment": "live"
  }'

Rotate an API key

curl -X POST "$API_BASE/api/settings/api-keys/key_123/rotate" \
  -H "Authorization: Bearer $USER_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "organizationId": "org_123"
  }'
