The API Key object represents an API key within an organization.
id string required
Unique identifier for the API key.
key string required
The full API key value. Only returned during creation and rotation. Use this value immediately as it cannot be retrieved again.
key_prefix string required
The key prefix for identification purposes. Always returned in API responses.
organization_id string required
ID of the organization that owns this API key.
key_name string required
Human-readable name for the API key.
is_active boolean required
Whether the API key is currently active and can be used for authentication.
is_paused boolean required
Whether the API key is paused.
usage_limit_chf number | null optional
Per-key monthly spending limit in CHF. null indicates no limit.
scopes array | null optional
Array of permission scopes granted to this API key.
created_by string required
ID of the user who created this API key.
created_at string required
ISO 8601 timestamp when the API key was created.
last_used_at string | null optional
ISO 8601 timestamp when the API key was last used.
expires_at string | null optional
ISO 8601 timestamp when the API key expires. null indicates no expiration.
{
"id": "apikey_123abc456def789",
"key_prefix": "fak_live_a1b2",
"organization_id": "org_123abc456def789ghi012jkl345mno67",
"key_name": "Production API Key",
"is_active": true,
"is_paused": false,
"usage_limit_chf": 500.0,
"scopes": null,
"created_by": "usr_456def789ghi012jkl345mno678pqr90",
"created_at": "2025-11-05T10:00:00Z",
"last_used_at": "2025-12-15T14:30:00Z",
"expires_at": "2026-01-01T00:00:00Z"
}- The full
keyvalue is only returned once during creation or rotation - Store API keys securely and never commit them to version control
- Use environment variables to store API keys in your applications
- Rotate keys regularly for security
- Deactivate or pause unused keys immediately