User keys
The user keys resource is used to manage a user's API keys. These keys are used to authenticate requests to the API.
For more information, see headers.
User key object
{
"id": "01942a37-f8c5-7fc5-aabc-j23f991388f3",
"user": "019429df-8f3f-7245-bc0d-73kn1u4f2284",
"name": "Development",
"allowed_domains": [
"example.com"
],
"allowed_ips": null,
"expires_at": "2030-01-03 03:31:38",
"last_used": "2026-06-29 11:59:07",
"created_at": "2025-01-03 03:31:38",
"updated_at": "2026-06-29 11:59:07"
}
Fields
- idrequired readonly stringUnique ID of the record.
- userrequired readonly stringUnique ID of the user.
- namerequired stringName of the user key. Names allow the user to differentiate their API keys and must be unique to the user.
- allowed_domainsnullable arrayList of referring domains allowed to use the key. If
null, all domains are allowed. - allowed_ipsnullable arrayList of IP addresses allowed to use the key. If
null, all IP addresses are allowed. - expires_atstringUTC timestamp of when the user key expires. The default and maximum value is 1 year from the time of creation.
- last_usednullable readonly stringUTC timestamp of when the user key was last used. If
null, the user key has never been used. - created_atrequired readonly stringUTC timestamp of when the record was created.
- updated_atnullable readonly stringUTC timestamp of when the record was last updated.
Create a user key
POST /users/{userId}/keys
The request body must include a user key object.
Required permissions
User must be authenticated and can only create keys for themselves.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 201 | Created | Successfully created | User key object |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 404 | Not Found | User not found | Error object |
| 409 | Conflict | Duplicate name for the same user |
Error object |
Upon successful creation, the user key object will be returned with an additional key_value field
containing the actual value of the key. This value is only returned once and cannot be retrieved again.
If the key is lost, a new key must be created.
List user keys
GET /users/{userId}/keys
Required permissions
User must be authenticated and can only list their own keys.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 200 | OK | An associative array of user key objects | |
| 400 | Bad Request | Invalid parameters in the request query | Error object |
| 404 | Not Found | User not found | Error object |
Read user key
GET /users/{userId}/keys/{id}
Required permissions
User must be authenticated and can only read their own key.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 200 | OK | User key object | |
| 400 | Bad Request | Invalid parameters in the request query | Error object |
| 404 | Not Found | User or key ID not found | Error object |
Update user key
PATCH /users/{userId}/keys/{id}
The request body must include parts of a user key object.
expires_at field cannot be updated. It can only be defined when creating a key.Required permissions
User must be authenticated and can only update their own key.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 200 | OK | Updated user key record | User key object |
| 400 | Bad Request | Invalid or missing field(s) | Error object |
| 404 | Not Found | User or key ID not found | Error object |
| 409 | Conflict | Duplicate name for the same user |
Error object |
Delete user key
DELETE /users/{userId}/keys/{id}
Required permissions
User must be authenticated and can only delete their own key.
Response
| HTTP status | Title | Description | Schema |
|---|---|---|---|
| 204 | No content | Successfully deleted | |
| 404 | Not Found | User ID not found | Error object |