User keys

The user keys resource is used to manage a user's API keys. These keys are used to authenticate requests to the API.

For more information, see headers.

User key object

As a security precaution, it is strongly recommended that specific allowed domains and/or IP's be defined. User keys are used to gain access to your account. Keep them secure.

{
  "id": "01942a37-f8c5-7fc5-aabc-j23f991388f3",
  "user": "019429df-8f3f-7245-bc0d-73kn1u4f2284",
  "name": "Development",
  "allowed_domains": [
    "example.com"
  ],
  "allowed_ips": null,
  "expires_at": "2030-01-03 03:31:38",
  "last_used": "2026-06-29 11:59:07",
  "created_at": "2025-01-03 03:31:38",
  "updated_at": "2026-06-29 11:59:07"
}

Fields

  • id
    required readonly string
    Unique ID of the record.
  • user
    required readonly string
    Unique ID of the user.
  • name
    required string
    Name of the user key. Names allow the user to differentiate their API keys and must be unique to the user.
  • allowed_domains
    nullable array
    List of referring domains allowed to use the key. If null, all domains are allowed.
  • allowed_ips
    nullable array
    List of IP addresses allowed to use the key. If null, all IP addresses are allowed.
  • expires_at
    string
    UTC timestamp of when the user key expires. The default and maximum value is 1 year from the time of creation.
  • last_used
    nullable readonly string
    UTC timestamp of when the user key was last used. If null, the user key has never been used.
  • created_at
    required readonly string
    UTC timestamp of when the record was created.
  • updated_at
    nullable readonly string
    UTC timestamp of when the record was last updated.

Create a user key

POST /users/{userId}/keys

The request body must include a user key object.

Required permissions

User must be authenticated and can only create keys for themselves.

Response

HTTP status Title Description Schema
201 Created Successfully created User key object
400 Bad Request Invalid or missing field(s) Error object
404 Not Found User not found Error object
409 Conflict Duplicate name for the same user Error object

Upon successful creation, the user key object will be returned with an additional key_value field containing the actual value of the key. This value is only returned once and cannot be retrieved again. If the key is lost, a new key must be created.

List user keys

GET /users/{userId}/keys

Required permissions

User must be authenticated and can only list their own keys.

Response

HTTP status Title Description Schema
200 OK An associative array of user key objects
400 Bad Request Invalid parameters in the request query Error object
404 Not Found User not found Error object

Read user key

GET /users/{userId}/keys/{id}

Required permissions

User must be authenticated and can only read their own key.

Response

HTTP status Title Description Schema
200 OK User key object
400 Bad Request Invalid parameters in the request query Error object
404 Not Found User or key ID not found Error object

Update user key

PATCH /users/{userId}/keys/{id}

The request body must include parts of a user key object.

The expires_at field cannot be updated. It can only be defined when creating a key.

Required permissions

User must be authenticated and can only update their own key.

Response

HTTP status Title Description Schema
200 OK Updated user key record User key object
400 Bad Request Invalid or missing field(s) Error object
404 Not Found User or key ID not found Error object
409 Conflict Duplicate name for the same user Error object

Delete user key

DELETE /users/{userId}/keys/{id}

Required permissions

User must be authenticated and can only delete their own key.

Response

HTTP status Title Description Schema
204 No content Successfully deleted
404 Not Found User ID not found Error object
Was this page helpful?
© 2026 Bloom Data · System status