API Keys Management
Complete guide to creating and managing your API keys.
Overviewโ
API Keys are the primary way to authenticate with YODI APIs. Each key is:
- Unique - Only you have access to your keys
- Secure - Never shared or logged
- Revocable - Can be deleted at any time
- Rotatable - Can be replaced without losing functionality
- Trackable - You can see which key made which request
Creating an API Keyโ
Endpoint: POST /api-key/create
Via Dashboardโ
- Log in to https://console.yodi.tg
- Go to Settings โ API Keys
- Click Generate New Key
- Give it a descriptive name (e.g., "Production Server", "Mobile App")
- Copy the key immediately (you won't see it again!)
Via APIโ
curl -X POST "https://admin.yodi.tg/api/api-key/create" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "My New Key",
"description": "Key for my production server"
}'
Response:
{
"message": "SUCCESS",
"error": false,
"data": {
"id": "key_uuid",
"key": "sk_live_a1_3f8a2b1c4d5e_1x2y3z",
"isActive": true,
"createdAt": "2024-06-01T00:00:00.000Z"
},
"status": 201
}
Viewing Your Keysโ
Endpoint: GET /api-key
List all API keys for your account:
curl -X GET "https://admin.yodi.tg/api/api-key" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "SUCCESS",
"error": false,
"data": [
{
"id": "uuid-1",
"key": "sk_live_abc...",
"isActive": true
},
{
"id": "uuid-2",
"key": "sk_live_def...",
"isActive": false
}
],
"status": 200
}
Get Key Detailsโ
Endpoint: GET /api-key/{id}
curl -X GET "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"
Update Key Name/Settingsโ
Endpoint: PATCH /api-key/{id}
curl -X PATCH "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "Updated Key Name",
"description": "Updated description"
}'
Rotate API Keyโ
Endpoint: POST /api-key/{id}/rotate
Generate a new key while keeping the same name and settings. The old key becomes invalid.
curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/rotate" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "KEY_ROTATED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"key": "sk_live_new_key_here",
"isActive": true
},
"status": 200
}
The old key will be immediately revoked. Update all services using the old key within 5 minutes.
Revoke API Keyโ
Endpoint: POST /api-key/{id}/revoke
Permanently disable an API key. This action cannot be undone.
curl -X POST "https://admin.yodi.tg/api/api-key/key_abc123/revoke" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "KEY_REVOKED_SUCCESS",
"error": false,
"data": {
"id": "uuid-1",
"isActive": false,
"revokedAt": "2024-06-01T00:00:00.000Z"
},
"status": 200
}
Revoking a key will immediately stop all requests using that key.
Delete API Keyโ
Endpoint: DELETE /api-key/{id}
curl -X DELETE "https://admin.yodi.tg/api/api-key/key_abc123" \
-H "Authorization: Bearer YOUR_API_KEY"
Response:
{
"message": "SUCCESS",
"error": false,
"data": null,
"status": 200
}
Security Best Practicesโ
Key Managementโ
Create separate keys for:
- Production environment
- Development environment
- Testing/Staging
- Different services/applications
Key Rotationโ
Rotate keys periodically (recommended: every 90 days) Rotate immediately if key is compromised
Storageโ
Store keys in environment variables:
# .env
YODI_API_KEY=sk_live_your_key_here
Use secret management tools:
- AWS Secrets Manager
- Azure Key Vault
- HashiCorp Vault
- Docker Secrets
Monitoringโ
Monitor key usage in your dashboard Set up alerts for suspicious activity Review last used timestamp regularly
Access Controlโ
Restrict API key usage to specific IP addresses (if available) Use role-based access control Limit key permissions (if granular permissions available)
Troubleshootingโ
Key Not Working?โ
- Check the key format:
sk_live_...orsk_test_... - Ensure it's in the correct header:
Authorization: Bearer YOUR_KEY - Verify the key hasn't been revoked
- Check your subscription status and credits
Lost Your Key?โ
You cannot retrieve a lost key. You must:
- Create a new API key
- Update all services with the new key
- (Optional) Revoke the lost key for security