API Keys
Manage your API keys programmatically. Create, list, and revoke keys.
For a complete guide on authentication, see the Authentication documentation.
Endpoints
GET
/api/v1/api-keysList your API keys
POST
/api/v1/api-keysCreate a new API key
GET
/api/v1/api-keys/{id}Get key details
DELETE
/api/v1/api-keys/{id}Revoke an API key
List API Keys
GET
/api/v1/api-keysExample Request
"text">-purple-600">curl https://vydra.app/api/v1/api"text-blue-600">-keys \
"text-blue-600">-H "Authorization: Bearer YOUR_API_KEY"Responsejson
{
"data": [
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Production Server",
"keyPrefix": "vydra_live_use...",
"scopes": ["*"],
"isActive": true,
"expiresAt": null,
"lastUsedAt": "2026-01-26T12:00:00.000Z",
"requestCount": 1542,
"createdAt": "2026-01-01T00:00:00.000Z",
"revokedAt": null
},
{
"id": "660f9500-f30c-52e5-b827-557766550001",
"name": "Development",
"keyPrefix": "vydra_live_use...",
"scopes": ["models:*"],
"isActive": true,
"expiresAt": "2026-04-01T00:00:00.000Z",
"lastUsedAt": "2026-01-25T08:30:00.000Z",
"requestCount": 89,
"createdAt": "2026-01-15T00:00:00.000Z",
"revokedAt": null
}
]
}Create API Key
POST
/api/v1/api-keysSession Authentication Only
Creating API keys requires session authentication (logged into the dashboard). You cannot create keys using another API key.
Request Body
| Name | Type | Description |
|---|---|---|
namerequired | string | Display name for the key |
scopes | string[]Default: ["*"] | Permission scopes |
expiresInDays | number | Days until expiration (null = never) |
Example Request Bodyjson
{
"name": "Mobile App Production",
"scopes": ["models:*", "upload:*"],
"expiresInDays": 90
}Response (201 Created)json
{
"id": "770g0611-g41d-63f6-c938-668877661112",
"key": "vydra_live_user_abc123_X7kM9pQ2nL5vB8wR...",
"keyPrefix": "vydra_live_use...",
"message": "Store this key securely. It will not be shown again."
}Save Your Key!
The full API key is only returned once during creation. If you lose it, you'll need to create a new key.
Get Key Details
GET
/api/v1/api-keys/{id}Examplebash
"text">-purple-600">curl https://vydra.app/api/v1/api"text-blue-600">-keys/550e8400"text-blue-600">-e29b-41d4"text-blue-600">-a716-446655440000 \
"text-blue-600">-H "Authorization: Bearer YOUR_API_KEY"Responsejson
{
"data": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "Production Server",
"keyPrefix": "vydra_live_use...",
"scopes": ["*"],
"isActive": true,
"expiresAt": null,
"lastUsedAt": "2026-01-26T12:00:00.000Z",
"requestCount": 1542,
"createdAt": "2026-01-01T00:00:00.000Z",
"revokedAt": null,
"organizationId": "org_abc123"
}
}Revoke API Key
DELETE
/api/v1/api-keys/{id}Examplebash
"text">-purple-600">curl "text-blue-600">-X DELETE https://vydra.app/api/v1/api"text-blue-600">-keys/550e8400"text-blue-600">-e29b-41d4"text-blue-600">-a716-446655440000 \
"text-blue-600">-H "Authorization: Bearer YOUR_API_KEY"Responsejson
{
"success": true,
"message": "API key revoked"
}Irreversible
Revoking an API key is permanent. The key cannot be restored. Any applications using it will immediately lose access.
API Key Object
Fields
| Name | Type | Description |
|---|---|---|
id | string | Unique key identifier (UUID) |
name | string | Display name |
keyPrefix | string | First 15 characters for identification |
scopes | string[] | Permission scopes |
isActive | boolean | Whether key is currently active |
expiresAt | string | null | Expiration timestamp (ISO 8601) |
lastUsedAt | string | null | Last usage timestamp |
requestCount | number | Total requests made with this key |
createdAt | string | Creation timestamp |
revokedAt | string | null | Revocation timestamp if revoked |
Available Scopes
| Scope | Permissions |
|---|---|
* | Full access to all endpoints |
models:* | List models, generate, edit images |
models:read | List models only |
models:write | Generate and edit images |
jobs:* | Create, list, cancel jobs |
jobs:read | List and get job status |
jobs:write | Create and cancel jobs |
upload:* | Upload files |
account:read | Read account and organization info |