Reference
API Keys
Admin APIs for creating, listing, and revoking Gateway API keys (`gk_...`).
Endpoint Map
| Method | Path | Auth | Purpose |
|---|---|---|---|
POST | /api/v1/admin/api-keys | JWT + role admin/tenant_admin | Create API key |
GET | /api/v1/admin/api-keys | JWT + role admin/tenant_admin | List key metadata |
DELETE | /api/v1/admin/api-keys/:id | JWT + role admin/tenant_admin | Revoke key |
Scopes
| Scope | Description |
|---|---|
credentials:resolve | Resolve/check credentials |
credentials:read | Read credential metadata |
credentials:write | Store/update credentials |
Create Key
POST /api/v1/admin/api-keys
Authorization: Bearer <jwt>
Content-Type: application/json
{
"name": "Agent Runtime",
"scopes": ["credentials:resolve"],
"expiresAt": "2026-06-01T00:00:00.000Z"
}{
"success": true,
"message": "API key created. Store this key securely — it will not be shown again!",
"key": "gk_...",
"keyRecord": {
"id": "...",
"keyPrefix": "gk_xxxx",
"name": "Agent Runtime",
"scopes": ["credentials:resolve"],
"isActive": true
}
}The full key is returned only once.
List Keys
GET /api/v1/admin/api-keys
Authorization: Bearer <jwt>Returns metadata only (never raw key).