Skip to content

client.api_keys

Bases: SyncResource

Sync API-keys namespace (client.api_keys).

create

create(*, name: str, expires_at: datetime | str | None = None) -> ApiKeyCreated

Mint a new API key for the calling user (201).

The returned :attr:ApiKeyCreated.plaintext is shown exactly once — the server keeps only a hash. Use it as Authorization: Bearer <plaintext>. The key inherits the user's role (v1 has no scoping).

Parameters:

Name Type Description Default
name str

a label so you can recognize the key later (1–64 chars).

required
expires_at datetime | str | None

when the key stops authenticating; omit for a key that never expires. Accepts a datetime or an ISO-8601 string.

None

Raises:

Type Description
ConflictError

you already hold the max 1 active key (RESOURCE_LIMIT_EXCEEDED) — revoke it first, then re-create.

UnprocessableError

name is empty or too long (VALIDATION_ERROR).

list

list() -> list[ApiKey]

List the calling user's active keys (metadata only — never the plaintext). A complete snapshot, not a page: the endpoint takes no pagination controls and, at the 1-key-per-user cap, returns at most one.

revoke

revoke(key_id: UUID | str) -> None

Revoke (soft-delete) one of your keys; it is rejected on its next auth check. Returns nothing — the server responds 204.

Raises:

Type Description
NotFoundError

no such active key for the calling user (already revoked keys are hidden, so a duplicate revoke 404s).