/v1/keys
Mint, list, and revoke API keys. These endpoints are session-authenticated via your dashboard login — they do not take a bearer token. This avoids the bootstrap problem of needing a key to create your first key.
GET /v1/keys
GET
/v1/keys— List all keys for the calling accountResponse
json
{
"request_id": "…",
"keys": [
{
"id": "1a2b…",
"name": "Production server",
"prefix": "lvk_live_AB",
"mode": "live",
"status": "active",
"created_at": "2026-04-10T11:04:00.000Z",
"last_used_at": "2026-04-25T08:12:30.000Z",
"revoked_at": null
}
]
}The plaintext token is never returned by GET. It's only shown once at creation time.
POST /v1/keys
POST
/v1/keys— Mint a new key. Returns the plaintext token ONCE.Request body
| Field | Type | Description |
|---|---|---|
namerequired | string | Human label, 1–80 chars. Shown in the dashboard list. |
modeoptional | 'live' | 'test' | Prefix label. Both modes hit real providers and draw from your credit balance — "test" is not a sandbox. Default: 'live' |
Response
json
{
"request_id": "…",
"key": {
"id": "1a2b…",
"name": "Production server",
"prefix": "lvk_live_AB",
"mode": "live",
"status": "active",
"created_at": "2026-04-10T11:04:00.000Z",
"token": "lvk_live_AB7oMv2Kj9qX…"
}
}token is the plaintext bearer token — store it immediately. The server keeps only a SHA-256 hash; we cannot recover a lost token.
DELETE /v1/keys/:id
DELETE
/v1/keys/:id— Revoke a key. The auth cache is busted within seconds; further requests return 401.Response
json
{
"request_id": "…",
"revoked": true,
"id": "1a2b…"
}Errors
| Field | Type | Description |
|---|---|---|
invalid_requestoptional | 400 | Body failed validation (missing name, invalid mode, non-UUID id). |
unauthorizedoptional | 401 | No active dashboard session. Log in and retry. |
not_foundoptional | 404 | The key id does not belong to your account, or has already been revoked. |