API keys let server-side applications and ingestion pipelines authenticate with Scrubbe without user credentials. Each key is scoped to specific permissions and an environment, so you can apply the principle of least privilege to every integration. All endpoints in this section require Authorization: Bearer <accessToken> and live under /api/v1/apikey.
An API key's secret value is shown only once, immediately after creation. Store it in a secrets manager right away; it cannot be retrieved again. If it is lost, rotate or delete the key and create a new one.

POST /apikey/createapikey

Create a new API key scoped to a specific environment and set of permissions.
name (string, required): A human-readable label for the key. Example: "Production Key".
environment (string, required): Target environment. One of: PRODUCTION, STAGING, DEVELOPMENT.
scopes (string[], required): Array of permission scopes granted to this key. Example: ["incidents:read", "incidents:write"].
expiresAt (string): ISO 8601 expiry timestamp. Omit for a non-expiring key. Example: "2026-12-31T00:00:00Z".
curl --request POST \
  --url "https://your-api-domain.com/api/v1/apikey/createapikey" \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer $ACCESS_TOKEN" \
  --data '{
    "name": "Production Key",
    "environment": "PRODUCTION",
    "scopes": ["incidents:read", "incidents:write"],
    "expiresAt": "2026-12-31T00:00:00Z"
  }'
201 response
{
  "success": true,
  "message": "API key created successfully.",
  "data": {
    "id": "apk_01HX...",
    "name": "Production Key",
    "key": "sk_prod_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "environment": "PRODUCTION",
    "scopes": ["incidents:read", "incidents:write"],
    "expiresAt": "2026-12-31T00:00:00Z",
    "createdAt": "2025-06-01T09:00:00Z"
  }
}
data.key (string): The full API key secret. Shown only once — store it securely before leaving this response.
data.id (string): The key ID used for rotate, revoke, and delete operations.

GET /apikey/apikeys

List all API keys for the authenticated user’s workspace. The key secret is not included in list responses.
{
  "success": true,
  "message": "API keys retrieved.",
  "data": [
    {
      "id": "apk_01HX...",
      "name": "Production Key",
      "environment": "PRODUCTION",
      "scopes": ["incidents:read", "incidents:write"],
      "expiresAt": "2026-12-31T00:00:00Z",
      "lastUsedAt": "2025-05-20T14:22:00Z",
      "createdAt": "2025-06-01T09:00:00Z"
    }
  ]
}

POST /apikey/:id/rotate

Generate a new secret for an existing key. The old secret is immediately invalidated. The new secret is shown only in the rotation response.
id (string, required): The ID of the key to rotate.
{
  "success": true,
  "message": "API key rotated successfully.",
  "data": {
    "id": "apk_01HX...",
    "key": "sk_prod_yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
  }
}
Automate key rotation on a regular schedule (e.g., every 90 days) to limit the blast radius of a compromised credential.
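
One way to act on the rotation guidance above: a check over the data array returned by GET /apikey/apikeys that flags keys due for rotation, keys with no expiry, expired keys, and idle keys. This is an added example, not Scrubbe's own code; the 90-day and 30-day thresholds, the use of createdAt as a stand-in for the last rotation time, the treatment of an absent lastUsedAt as "never used", and the sample key IDs are assumptions.

```python
from datetime import datetime, timedelta, timezone

def parse_ts(value):
    """Parse the ISO 8601 'Z' timestamps shown in the responses; None if absent."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def audit_keys(keys, now, max_age_days=90, idle_days=30):
    """Map key id -> findings for entries of the list response's data array."""
    report = {}
    for k in keys:
        created = parse_ts(k.get("createdAt"))
        expires = parse_ts(k.get("expiresAt"))
        last_used = parse_ts(k.get("lastUsedAt"))
        findings = []
        # Assumption: createdAt stands in for "last rotated", since the list
        # response on this page carries no rotation timestamp.
        if created and now - created > timedelta(days=max_age_days):
            findings.append("rotate")       # due for POST /apikey/:id/rotate
        if expires is None:
            findings.append("no-expiry")    # created without expiresAt
        elif expires <= now:
            findings.append("expired")
        # Assumption: an absent lastUsedAt means the key has never been used,
        # so idleness is then measured from createdAt.
        last_activity = last_used or created
        if last_activity and now - last_activity > timedelta(days=idle_days):
            findings.append("idle")         # candidate for POST /apikey/:id/revoke
        if findings:
            report[k["id"]] = findings
    return report

# Constructed sample in the shape of the list response; IDs are placeholders.
SAMPLE = [
    {"id": "apk_EXAMPLE_A", "createdAt": "2025-06-01T09:00:00Z",
     "expiresAt": "2026-12-31T00:00:00Z", "lastUsedAt": "2025-09-28T10:00:00Z"},
    {"id": "apk_EXAMPLE_B", "createdAt": "2025-09-20T09:00:00Z"},
    {"id": "apk_EXAMPLE_C", "createdAt": "2025-07-15T09:00:00Z",
     "expiresAt": "2025-09-15T00:00:00Z", "lastUsedAt": "2025-08-01T12:00:00Z"},
    {"id": "apk_EXAMPLE_D", "createdAt": "2025-09-10T09:00:00Z",
     "expiresAt": "2025-12-09T00:00:00Z", "lastUsedAt": "2025-09-30T08:00:00Z"},
]
NOW = datetime(2025, 10, 1, tzinfo=timezone.utc)  # fixed "now" for repeatability

if __name__ == "__main__":
    for key_id, findings in audit_keys(SAMPLE, NOW).items():
        print(key_id, "->", ", ".join(findings))
```

Because a rotation response is the only place the new secret appears, any job that acts on a "rotate" finding should write data.key to the secrets manager before doing anything else.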

POST /apikey/:id/revoke

Disable a key immediately without deleting it. The key record is retained for audit purposes but will no longer authenticate requests.
id (string, required): The ID of the key to revoke.
{
  "success": true,
  "message": "API key revoked successfully.",
  "data": {}
}

DELETE /apikey/:id

Permanently delete a key and its audit record. This action cannot be undone.
id (string, required): The ID of the key to delete.
{
  "success": true,
  "message": "API key deleted.",
  "data": {}
}
Deleting a key is irreversible. Prefer revoke if you want to retain the audit trail.

Available scopes

| Scope | Description |
| --- | --- |
| incidents:read | Read incident data |
| incidents:write | Create and update incidents |
| postmortems:read | Read postmortem reports |
| postmortems:write | Create and update postmortems |
| analytics:read | Access dashboard metrics and analytics |
| integrations:read | Read integration configuration |
| integrations:write | Create and modify integrations |
| ingestion:write | Push events via ingestion endpoints |