API Keys Management
Complete guide to creating and managing your API keys.
Overview​
API Keys are the primary way to authenticate with YODI APIs. Each key is:
- Unique - Only you have access to your keys
- Secure - Never shared or logged
- Revocable - Can be deleted at any time
- Rotatable - Can be replaced without losing functionality
- Trackable - You can see which key made which request
Creating an API Key​
Endpoint: POST /api-key/create
Via Dashboard​
- Log in to https://console.yodi.tg
- Go to Settings → API Keys
- Click Generate New Key
- Give it a descriptive name (e.g., "Production Server", "Mobile App")
- Copy the key immediately (you won't see it again!)
Via API​
curl -X POST "https://admin.yodi.tg/api/api-key/create" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My New Key",
"description": "Key for my production server"
}'
Response:
{
"message": "SUCCESS",
"error": false,
"data": {
"id": "key_uuid",
"key": "sk_live_a1_3f8a2b1c4d5e_1x2y3z",
"isActive": true,
"createdAt": "2024-06-01T00:00:00.000Z"
},
"status": 201
}
Viewing Your Keys​
Endpoint: GET /api-key
List all API keys for your account:
curl -X GET "https://admin.yodi.tg/api/api-key" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "SUCCESS",
"error": false,
"data": [
{
"id": "uuid-1",
"key": "sk_live_abc...",
"isActive": true
},
{
"id": "uuid-2",
"key": "sk_live_def...",
"isActive": false
}
],
"status": 200
}
Get Key Details​
Endpoint: GET /api-key/{id}
curl -X GET "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"
Update Key Name/Settings​
Endpoint: PATCH /api-key/{id}
curl -X PATCH "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Updated Key Name",
"description": "Updated description"
}'
Rotate API Key​
Endpoint: POST /api-key/{id}/rotate
Generate a new key while keeping the same name and settings. The old key becomes invalid.
curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/rotate" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "KEY_ROTATED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"key": "sk_live_new_key_here",
"isActive": true
},
"status": 200
}
The old key will be immediately revoked. Update all services using the old key within 5 minutes.
Revoke API Key​
Endpoint: POST /api-key/{id}/revoke
Permanently disable an API key. This action cannot be undone.
curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/revoke" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "KEY_REVOKED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"isActive": false,
"revokedAt": "2024-06-01T00:00:00.000Z"
},
"status": 200
}
Revoking a key will immediately stop all requests using that key.
Delete API Key​
Endpoint: DELETE /api-key/{id}
curl -X DELETE "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "SUCCESS",
"error": false,
"data": null,
"status": 200
}
Security Best Practices​
Key Management​
Create separate keys for:
- Production environment
- Development environment
- Testing/Staging
- Different services/applications
Key Rotation​
Rotate keys periodically (recommended: every 90 days) Rotate immediately if key is compromised
Storage​
Store keys in environment variables:
# .env
YODI_API_KEY=sk_live_your_key_here
Use secret management tools:
- AWS Secrets Manager
- Azure Key Vault
- HashiCorp Vault
- Docker Secrets
Monitoring​
Monitor key usage in your dashboard Set up alerts for suspicious activity Review last used timestamp regularly
Access Control​
Restrict API key usage to specific IP addresses (if available) Use role-based access control Limit key permissions (if granular permissions available)
Troubleshooting​
Key Not Working?​
- Check the key format:
sk_live_...orsk_test_... - Ensure it's in the correct header:
Authorization: Bearer YOUR_KEY - Verify the key hasn't been revoked
- Check your subscription status and credits
Lost Your Key?​
You cannot retrieve a lost key. You must:
- Create a new API key
- Update all services with the new key
- (Optional) Revoke the lost key for security