Key Management

Create, list, rotate, and revoke API keys. All endpoints require session authentication (browser).

POST/api/keys

Create a new API key. Returns the full key once — it cannot be retrieved later.

{ "name": "Production API", "environment": "live" }

{ "data": { "id": "...", "key": "vsk_live_...", "keyPrefix": "vsk_live_...a3f0", "name": "Production API", "environment": "live" } }

GET/api/keys

List all active (non-revoked) API keys. Never returns the full key.

POST/api/keys/:id/rotate

Create a new key with the same name and environment. The old key remains active for 24 hours.

DELETE/api/keys/:id

Immediately revoke a key. It will be rejected within seconds.