API Keys

Manage API keys for your tenant. Authenticated via dashboard session (cookie); the API-key endpoints intentionally do not accept API keys themselves — keys cannot mint other keys.

`GET /v1/api-keys`

List API keys for the current tenant

Returns metadata for every key the tenant has issued — never the plaintext. Useful for the dashboard's key-management UI and for confirming a key is active before customers go to production.

Example request

bash

curl -X GET \
  'https://api.eztype.io/v1/api-keys'

Responses

200 — Array of key metadata, ordered newest first.

json

[
  {
    "id": "a1b2c3d4-…",
    "type": "pat",
    "name": "Production app key",
    "displayPrefix": "sk-ezt-pat-7Kx9mQ2v…",
    "createdAt": 1745470820123,
    "lastUsedAt": 1745557220456,
    "revokedAt": null
  }
]

`POST /v1/api-keys`

Create a new API key

Mints a new API key under the caller's tenant. Returns the plaintext key exactly once — store it immediately and never send it back to EZType. Subsequent requests authenticate by sending the key as Authorization: Bearer <key>.

Pick the type slot based on intended use. Secret types (pat/svc/adm) carry full read + write authority — never embed in client-side code. The srh type is a public, read-only key safe to embed in browsers; it can only query indexes marked PUBLIC.

Authentication: dashboard session cookie required. API keys cannot mint other keys.

Request body

json

{
  "type": "pat",
  "name": "Production app key"
}

Example request

bash

curl -X POST \
  'https://api.eztype.io/v1/api-keys' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "pat",
  "name": "Production app key"
}'

Responses

200 — Key created. The key field is plaintext — store it now; we don't keep it.

json

{
  "id": "a1b2c3d4-…",
  "type": "pat",
  "name": "Production app key",
  "key": "sk-ezt-pat-7Kx9mQ2vN8wL3pR5tY6uA1bC4dE8fG0hJ2kAbCd",
  "displayPrefix": "sk-ezt-pat-7Kx9mQ2v…",
  "createdAt": 1745470820123
}

400 — Missing or invalid type/name.

`DELETE /v1/api-keys/{keyId}`

Revoke an API key

Marks the key as revoked. Subsequent requests with this key return 401. Revocation is irreversible — issue a new key if the old one is needed again.

Parameters

Name	In	Type	Required	Description
`keyId`	path	string	yes	The `id` returned at creation time (not the plaintext).

Example request

bash

curl -X DELETE \
  'https://api.eztype.io/v1/api-keys/{keyId}'

Responses

200 — Key revoked. Returns the updated key metadata with revokedAt set.

404 — Key not found, or already revoked.