API Key
API keys are generated and maintained by the organisation and is used as an alternative authentication method to user specific bearer tokens. This is described in more detail in the Authentication and Authorization section.
Endpoints
For information only. Full, normative endpoint definitions in the Swagger documentation.
| Endpoint | Description | Role |
|---|---|---|
| GET /orgs/:orgId/api_keys | List all API keys | orgadmin |
| POST /orgs/:orgId/api_keys | Create a new API key. The created key is only visible in the response and it is the responsibility of the organisation to store it securely. | orgadmin |
| PUT /orgs/:orgId/api_keys/:apiKeyId | Update an API key | orgadmin |
| POST /orgs/:orgId/api_keys/batch-delete | Delete one or more API keys | orgadmin |
Example ApiKey datatype
{
"type": "APIKEY",
"id": "4a029d35-6703-468c-a541-7c7a4368f812",
"isActive": false,
"orgId": "f306a329-2911-48c4-917c-a5e70958be15",
"createdAt": "2025-06-17T14:01:19.498Z",
"description": "API key for accessing production services",
"createdBy": {
"userId": "b334b8c2-f051-703c-7ce3-74c864252b15"
},
"name": "Bus. Service API key",
"maskedValue": "9f968b20...",
"role": "orgadmin",
"expires": "2025-12-31T23:59:59Z",
"hashedApiKey": "746910ad6c0595bfe586d5dc84786b3dd248d3e24160719d4304821286804022"
}API Keys Overview
API keys allow programmatic authentication without using individual user credentials. They are generated and managed at the organisation level and can be scoped to a specific role. For more details, see the Authentication and Authorization documentation.