API Keys
List, create, and revoke the API keys used to submit transactions.
Beta — rolling out now. The dashboard and its control-plane API are in active rollout. The contract documented here is stable, but availability may vary by deployment.
All routes are under /api/v1 and require Authorization: Bearer <token>. API keys authenticate
transaction submissions — see Authentication for the
format and usage.
GET /keys
List your keys, newest first.
Response — 200 OK
{
"keys": [
{
"id": "…",
"name": "prod",
"prefix": "0b_ab12cd34",
"created_at": "2026-07-05T18:00:00Z",
"last_used_at": "2026-07-05T18:22:31Z",
"revoked_at": null
}
]
}prefixis the0b_+ 8-character display prefix (11 characters). The full key is never returned here.last_used_atisnulluntil the key authenticates its first submission.revoked_atisnullfor active keys, or the revocation timestamp.
POST /keys
Create a key. The full secret is returned once in this response and never again.
Request
{ "name": "prod" }Response — 201 Created
{
"id": "…",
"name": "prod",
"prefix": "0b_ab12cd34",
"key": "0b_ab12cd34XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
}Copy key now. Only a hash is stored server-side, so it cannot be shown again — if you lose it,
revoke the key and create a new one.
Errors
| Status | Code | When |
|---|---|---|
400 | invalid_name | Name is missing or invalid. |
409 | key_limit | You already have the maximum of 10 active keys. |
DELETE /keys/{id}
Revoke a key. Revocation is immediate and idempotent.
Response — 204 No Content (empty body)
Errors
| Status | Code | When |
|---|---|---|
404 | not_found | No key with that id is owned by your account. |