Skip to content
JAOT

API Keys

The API Keys endpoints let you create, list, and revoke API keys for programmatic access to the JAOT API. Each key is scoped to a user and organization.

POST /api/v2/keys

Create a new API key for the authenticated user.

Authentication: Requires API key or JWT token.

Warning: The API key value is only returned once at creation time. Store it immediately in a secure location. You will not be able to retrieve it again.

Request Body

All fields are optional.

FieldTypeRequiredDescription
namestringNoA descriptive name for the key (e.g. "Production", "CI/CD")
descriptionstringNoDetailed description of the key's purpose
expires_daysintegerNoNumber of days until expiration (null = never expires)

Response

FieldTypeDescription
api_keystringThe full API key (shown only once)
idstringKey ID for management operations
namestringKey name
descriptionstringKey description
is_activebooleanWhether the key is active
created_atstringISO 8601 timestamp

Examples

import httpx

response = httpx.post(
    "https://api.jaot.io/api/v2/keys",
    headers={"Authorization": "Bearer ok_live_your_key_here"},
    json={
        "name": "Production Server",
        "description": "Used by the production API server",
        "expires_days": 365,
    },
)

key_data = response.json()
print(f"Key ID: {key_data['id']}")
print(f"API Key: {key_data['api_key']}")
print("Store this key securely -- it will not be shown again!")

Response

{
  "api_key": "ok_live_a1b2c3d4e5f6789012345678901234567890abcdef",
  "id": "key_f3a9b2c1",
  "name": "Production Server",
  "description": "Used by the production API server",
  "is_active": true,
  "created_at": "2026-02-19T10:00:00Z"
}

Key prefixes:

PrefixEnvironment
ok_live_Production keys
ok_test_Test/sandbox keys

GET /api/v2/keys

List all API keys for the authenticated user. The full key value is never returned -- only the prefix is shown.

Authentication: Requires API key or JWT token.

Query Parameters

ParameterTypeDefaultDescription
pageinteger1Page number
page_sizeinteger20Items per page (max 100)
searchstring--Search in key name and prefix
is_activeboolean--Filter by active status

Response

FieldTypeDescription
itemsarrayList of API key info objects
items[].idstringKey ID
items[].namestringKey name
items[].key_prefixstringKey prefix (e.g. "ok_live_")
items[].descriptionstringKey description
items[].is_activebooleanWhether the key is active
items[].created_atstringCreation timestamp
items[].last_used_atstringLast usage timestamp (null if never used)
items[].expires_atstringExpiration timestamp (null if no expiry)
totalintegerTotal matching keys
pageintegerCurrent page
page_sizeintegerPage size

Examples

import httpx

response = httpx.get(
    "https://api.jaot.io/api/v2/keys",
    headers={"Authorization": "Bearer ok_live_your_key_here"},
)

keys = response.json()
for key in keys["items"]:
    status = "active" if key["is_active"] else "revoked"
    print(f"{key['name']} ({key['key_prefix']}...): {status}")
    if key["last_used_at"]:
        print(f"  Last used: {key['last_used_at']}")

Response

{
  "items": [
    {
      "id": "key_f3a9b2c1",
      "name": "Production Server",
      "key_prefix": "ok_live_",
      "description": "Used by the production API server",
      "is_active": true,
      "created_at": "2026-02-01T10:00:00Z",
      "last_used_at": "2026-02-19T11:30:00Z",
      "expires_at": "2027-02-01T10:00:00Z"
    }
  ],
  "total": 2,
  "page": 1,
  "page_size": 20
}

DELETE /api/v2/keys/{key_id}

Revoke an API key immediately. Any requests using this key will be rejected after revocation. This action cannot be undone.

Authentication: Requires API key or JWT token.

Path Parameters

ParameterTypeDescription
key_idstringThe key ID to revoke

Examples

import httpx

response = httpx.delete(
    "https://api.jaot.io/api/v2/keys/key_f3a9b2c1",
    headers={"Authorization": "Bearer ok_live_your_key_here"},
)
print(response.json())  # {"message": "API key revoked successfully", "key_id": "key_f3a9b2c1"}

Response

{"message": "API key revoked successfully", "key_id": "key_f3a9b2c1"}

Errors

HTTP CodeErrorDescription
401unauthorizedMissing or invalid API key
404not_foundKey not found or does not belong to you