Keys
Issue, rotate, and revoke API keys on the apikee platform.
Keys
API keys are issued per client. A client can have multiple active keys simultaneously (useful for rotation).
Issue a key
Keys are created as part of client creation or added later:
# Add a key to an existing client
curl -X PUT "https://apikee.dev/api/v1/client/{uuid}?project_env=my-api-production" \
-H "x-api-key: sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"keys": [
{
"name": "Production Key v2",
"expiresAt": "2027-01-01T00:00:00Z",
"autoRotate": true
}
]
}'The raw key secret appears once in the API response and is never stored. Deliver it to the client immediately via a secure channel.
Key fields
| Field | Type | Description |
|---|---|---|
id | string | Internal key ID |
name | string | Display name |
prefix | string | First chars of the key (for identification) |
key | string | null | Raw secret — only returned on creation |
enabled | boolean | Whether the key is currently active |
requestCount | integer | Total validated requests |
expiresAt | datetime | null | Expiry (also embedded in the key itself) |
autoRotate | boolean | null | Auto-renew before expiry |
metadata | object | null | Arbitrary metadata |
Revoke a key
curl -X DELETE "https://apikee.dev/api/v1/client/{uuid}?keyId={keyId}" \
-H "x-api-key: sk_live_..."Because expiry is embedded in the key, you only need to call the revocation endpoint for early invalidation. Keys that have naturally expired are rejected by the SDK without any API call.