API Keys

API key management endpoints use session-based authentication (the VisiSign dashboard session), not API key authentication. These endpoints are used by the Settings UI and require admin or owner role in the organization.

List API keys

GET /v1/api_keys

Returns all active (non-revoked) API keys for the organization.

Response:

{
  "api_keys": [
    {
      "id": 1,
      "name": "production",
      "token_prefix": "vsk_a1b2c3d4",
      "scopes": [],
      "last_used_at": "2026-03-04T10:00:00Z",
      "expires_at": null,
      "created_at": "2026-01-15T10:00:00Z"
    }
  ]
}

---

Create an API key

POST /v1/api_keys

Creates a new API key. The full token is returned only in this response.

Body parameters:

Parameter	Type	Description
name	string	Display name (required)
scopes	array	Permission scopes (optional)
expires_at	string	ISO 8601 expiration date (optional)

Response (201):

{
  "api_key": {
    "id": 2,
    "name": "ci-pipeline",
    "token_prefix": "vsk_f7e8d9c0",
    "scopes": [],
    "created_at": "2026-03-04T12:00:00Z"
  },
  "token": "vsk_f7e8d9c0a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2"
}

Caution

The token field is only included in the creation response. Store it securely — it cannot be retrieved again.

---

Revoke an API key

DELETE /v1/api_keys/:id

Revokes an API key. The key immediately stops working and cannot be restored.

Response: 204 No Content