Generate, manage, and revoke API keys for programmatic access. SHA-256 hashed storage — plaintext shown once at creation.

Key Generation

sk_-prefixed keys with 256-bit entropy via crypto.randomBytes. SHA-256 hashed. 12-char prefix for display.

Access Control

Owner and admin roles only. Membership verified on every operation. Scopes restricted to explicit allowlist.

Management Dashboard

/org-dashboard/api-keys — table view, create dialog, copy-once display, revoke with confirmation.

Validation

Checks is_active + expires_at. Auto-updates last_used_at. ISO 8601 datetime validation on expiry.
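
An added example, not the product's own code, of the key generation and validation flow described above, in Node.js. The in-memory Map store, the key_hash and key_prefix field names, the function names, and counting the sk_ prefix within the 12 display characters are assumptions; is_active, expires_at and last_used_at are the fields named on this page.

```javascript
// Added example; not the product's code. Store layout and function names are assumed.
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s, 'utf8').digest('hex');
// Strict ISO 8601 datetime with a timezone, e.g. 2030-01-01T00:00:00Z
const ISO_8601 = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2})$/;

// 32 random bytes = 256 bits of entropy. Only the hash and a 12-character
// display prefix are stored; the plaintext is returned once to the caller.
function createApiKey(store, { expiresAt = null } = {}) {
  if (expiresAt !== null &&
      (!ISO_8601.test(expiresAt) || Number.isNaN(Date.parse(expiresAt)))) {
    throw new TypeError('expires_at must be an ISO 8601 datetime');
  }
  const plaintext = 'sk_' + crypto.randomBytes(32).toString('hex');
  const record = {
    key_hash: sha256(plaintext),          // assumed column name
    key_prefix: plaintext.slice(0, 12),   // assumed: "sk_" counts toward the 12
    is_active: true,
    expires_at: expiresAt,
    last_used_at: null,
  };
  store.set(record.key_hash, record);
  return { plaintext, record };
}

// Look the key up by its hash, then apply the is_active and expires_at checks.
// Every failure returns null so callers cannot tell which check rejected the key.
function validateApiKey(store, presented, now = new Date()) {
  if (typeof presented !== 'string' || !presented.startsWith('sk_')) return null;
  const record = store.get(sha256(presented));
  if (!record || !record.is_active) return null;
  if (record.expires_at && Date.parse(record.expires_at) <= now.getTime()) return null;
  record.last_used_at = now.toISOString();
  return record;
}

// Revocation is a soft delete: the row stays, is_active becomes false.
function revokeApiKey(store, keyHash) {
  const record = store.get(keyHash);
  if (!record) return false;
  record.is_active = false;
  return true;
}
```

Because the lookup is by SHA-256 of a 256-bit random key, a leaked table of hashes does not let anyone recover or present a working key.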

| API Route | Method | Description |
| --- | --- | --- |
| /api/account/api-keys | GET | List keys (hash never exposed) |
| /api/account/api-keys | POST | Create key (returns full key once) |
| /api/account/api-keys | DELETE | Revoke key (sets is_active = false) |