Platform API

API Key Management

Use API key management endpoints to list, create, update, rotate, and delete API keys for an organization.

API key secrets are returned only when a key is created or rotated.

List API Keys

GET /organizations/{org_id}/api_keys

Lists API keys for an organization.

Permission: api-read

Response:

{
  "data": [
    {
      "id": "ak_...",
      "name": "Production key",
      "active": true,
      "permissions": ["inference"],
      "created_at": "2026-01-01T00:00:00Z",
      "expires_at": null
    }
  ]
}

Create API Key

POST /organizations/{org_id}/api_keys

Creates an API key.

Permission: api-admin

Request:

{
  "name": "CI key",
  "permissions": ["api-read", "api-write"],
  "expires_at": "2026-12-31T00:00:00Z"
}

Fields:

FieldTypeRequiredDescription
namestringNoHuman-readable key name.
permissionsstring arrayNoDefaults to ["inference"]. Must not be empty.
expires_attimestamp or nullNoExpiration time. Omit for no expiration.

Response:

{
  "data": {
    "key": "sk_mxl_...",
    "id": "ak_...",
    "name": "CI key",
    "active": true,
    "permissions": ["api-read", "api-write"],
    "created_at": "2026-01-01T00:00:00Z",
    "expires_at": "2026-12-31T00:00:00Z"
  }
}

Update API Key

PATCH /organizations/{org_id}/api_keys/{key_id}

Updates an API key.

Permission: api-admin

Request:

{
  "name": "New key name",
  "active": false,
  "permissions": ["inference", "api-read"],
  "expires_at": null
}

Fields:

FieldTypeRequiredDescription
namestringNoNew key name.
activebooleanNofalse disables the key; true enables it.
permissionsstring arrayNoReplacement permission list. Must not be empty.
expires_attimestamp, null, or omittedNoTimestamp sets expiration, null clears expiration, omitted leaves unchanged.

Response: 204 No Content

Rotate API Key

POST /organizations/{org_id}/api_keys/{key_id}/rotate

Rotates an API key secret.

Permission: api-admin

Response:

{
  "data": {
    "key": "sk_mxl_...",
    "id": "ak_...",
    "name": "Production key",
    "active": true,
    "permissions": ["inference"],
    "created_at": "2026-01-01T00:00:00Z",
    "expires_at": null
  }
}

Delete API Key

DELETE /organizations/{org_id}/api_keys/{key_id}

Deletes an API key.

Permission: api-admin

Response: 204 No Content

Errors

All endpoints can return:

{
  "error": {
    "message": "resource not found"
  }
}

Common statuses:

StatusCodeWhen
400noneInvalid JSON, empty permissions, invalid permission, or an update with no fields.
401noneAuthentication failed.
403insufficient_api_key_permissionsAPI key does not have api-admin or tried to grant permissions it does not have.
403forbiddenA user session tried to manage an api-admin key without owner access.
404noneOrganization, key, or API-key organization scope was not found.
500noneInternal error.