Aller au contenu principal

API Keys Management

Complete guide to creating and managing your API keys.

Overview​

API Keys are the primary way to authenticate with YODI APIs. Each key is:

  • Unique - Only you have access to your keys
  • Secure - Never shared or logged
  • Revocable - Can be deleted at any time
  • Rotatable - Can be replaced without losing functionality
  • Trackable - You can see which key made which request

Creating an API Key​

Endpoint: POST /api-key/create

Via Dashboard​

  1. Log in to https://console.yodi.tg
  2. Go to Settings → API Keys
  3. Click Generate New Key
  4. Give it a descriptive name (e.g., "Production Server", "Mobile App")
  5. Copy the key immediately (you won't see it again!)

Via API​

curl -X POST "https://admin.yodi.tg/api/api-key/create" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My New Key",
"description": "Key for my production server"
}'

Response:

{
"message": "SUCCESS",
"error": false,
"data": {
"id": "key_uuid",
"key": "sk_live_a1_3f8a2b1c4d5e_1x2y3z",
"isActive": true,
"createdAt": "2024-06-01T00:00:00.000Z"
},
"status": 201
}

Viewing Your Keys​

Endpoint: GET /api-key

List all API keys for your account:

curl -X GET "https://admin.yodi.tg/api/api-key" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:

{
"message": "SUCCESS",
"error": false,
"data": [
{
"id": "uuid-1",
"key": "sk_live_abc...",
"isActive": true
},
{
"id": "uuid-2",
"key": "sk_live_def...",
"isActive": false
}
],
"status": 200
}

Get Key Details​

Endpoint: GET /api-key/{id}

curl -X GET "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"

Update Key Name/Settings​

Endpoint: PATCH /api-key/{id}

curl -X PATCH "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Updated Key Name",
"description": "Updated description"
}'

Rotate API Key​

Endpoint: POST /api-key/{id}/rotate

Generate a new key while keeping the same name and settings. The old key becomes invalid.

curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/rotate" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:

{
"message": "KEY_ROTATED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"key": "sk_live_new_key_here",
"isActive": true
},
"status": 200
}
Important

The old key will be immediately revoked. Update all services using the old key within 5 minutes.


Revoke API Key​

Endpoint: POST /api-key/{id}/revoke

Permanently disable an API key. This action cannot be undone.

curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/revoke" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:

{
"message": "KEY_REVOKED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"isActive": false,
"revokedAt": "2024-06-01T00:00:00.000Z"
},
"status": 200
}
danger

Revoking a key will immediately stop all requests using that key.


Delete API Key​

Endpoint: DELETE /api-key/{id}

curl -X DELETE "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"

Response:

{
"message": "SUCCESS",
"error": false,
"data": null,
"status": 200
}

Security Best Practices​

Key Management​

Create separate keys for:

  • Production environment
  • Development environment
  • Testing/Staging
  • Different services/applications

Key Rotation​

Rotate keys periodically (recommended: every 90 days) Rotate immediately if key is compromised

Storage​

Store keys in environment variables:

# .env
YODI_API_KEY=sk_live_your_key_here

Use secret management tools:

  • AWS Secrets Manager
  • Azure Key Vault
  • HashiCorp Vault
  • Docker Secrets

Monitoring​

Monitor key usage in your dashboard Set up alerts for suspicious activity Review last used timestamp regularly

Access Control​

Restrict API key usage to specific IP addresses (if available) Use role-based access control Limit key permissions (if granular permissions available)


Troubleshooting​

Key Not Working?​

  1. Check the key format: sk_live_... or sk_test_...
  2. Ensure it's in the correct header: Authorization: Bearer YOUR_KEY
  3. Verify the key hasn't been revoked
  4. Check your subscription status and credits

Lost Your Key?​

You cannot retrieve a lost key. You must:

  1. Create a new API key
  2. Update all services with the new key
  3. (Optional) Revoke the lost key for security

Next Steps​