Authorization: Bearer <accessToken> and live under /api/v1/apikey.
POST /apikey/createapikey
Create a new API key scoped to a specific environment and set of permissions.A human-readable label for the key. Example:
"Production Key".Target environment. One of:
PRODUCTION, STAGING, DEVELOPMENT.Array of permission scopes granted to this key. Example:
["incidents:read", "incidents:write"].ISO 8601 expiry timestamp. Omit for a non-expiring key. Example:
"2026-12-31T00:00:00Z".The full API key secret. Shown only once — store it securely before leaving this response.
The key ID used for rotate, revoke, and delete operations.
GET /apikey/apikeys
List all API keys for the authenticated user’s workspace. The key secret is not included in list responses.POST /apikey/:id/rotate
Generate a new secret for an existing key. The old secret is immediately invalidated. The new secret is shown only in the rotation response.The ID of the key to rotate.
POST /apikey/:id/revoke
Disable a key immediately without deleting it. The key record is retained for audit purposes but will no longer authenticate requests.The ID of the key to revoke.
DELETE /apikey/:id
Permanently delete a key and its audit record. This action cannot be undone.The ID of the key to delete.
Available scopes
| Scope | Description |
|---|---|
incidents:read | Read incident data |
incidents:write | Create and update incidents |
postmortems:read | Read postmortem reports |
postmortems:write | Create and update postmortems |
analytics:read | Access dashboard metrics and analytics |
integrations:read | Read integration configuration |
integrations:write | Create and modify integrations |
ingestion:write | Push events via ingestion endpoints |