API keys

Keys identify your integration and authorize task creation and completion. Only a salted scrypt hash is stored server-side after the initial reveal.

Create a key

Use the API keys console to mint a key. Copy the secret immediately; you cannot retrieve it again.

List and revoke

Management endpoints return metadata (ids, labels, timestamps, status). Revocation takes effect for new requests quickly; allow for in-flight retries to drain.

# List keys (management token)
curl -sS "$BASE/v1/api-keys" \
  -H "Authorization: Bearer $MANAGEMENT_TOKEN"

# Revoke
curl -sS -X DELETE "$BASE/v1/api-keys/<keyId>" \
  -H "Authorization: Bearer $MANAGEMENT_TOKEN"

Storage on your side

Prefer a secret manager or encrypted env for agent deployments. For local development, avoid committing keys to version control.

← Authentication · Create a task →

← Documentation home