API Keys

Create, list, retrieve, and revoke Sendook API keys.

API keys authenticate every call to the Sendook API. Use the endpoints below to automate key lifecycle management.

All routes require bearer authentication with an existing API key that has permission to manage credentials for your organization.

Create an API key

  • Method: POST
  • Path: /v1/api_keys
  • Auth: Required

Request body

{
  "name": "Production integration"
}

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Yes | Human-readable label shown in the dashboard. |

Response 201 Created

{
  "id": "key_01J3Z7VMX8P4V5AQ94TZ8X6N7J",
  "name": "Production integration",
  "createdAt": "2024-10-10T18:35:21Z",
  "revokedAt": null
  // ...additional audit fields may be present
}

The secret value of the key is returned once when created—store it securely. Rotate keys periodically and revoke unused ones.

List API keys

  • Method: GET
  • Path: /v1/api_keys
  • Auth: Required

Response 200 OK

[
  {
    "id": "key_01J3Z7VMX8P4V5AQ94TZ8X6N7J",
    "name": "Production integration",
    "createdAt": "2024-10-10T18:35:21Z",
    "revokedAt": null
  },
  {
    "id": "key_01J3Z8BZXS0DTCNKAYNCVWYE3W",
    "name": "Staging agent",
    "createdAt": "2024-09-08T09:12:04Z",
    "revokedAt": "2024-11-01T12:01:33Z"
  }
]

Use the revokedAt timestamp to filter inactive keys in your tooling.
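
The `revokedAt` filter and the advice to rotate keys periodically can be combined into one offline audit over the list response. This is an added example, not Sendook's own code; the 90-day policy and the function names `parse_ts`, `audit_keys` and `revocation_paths` are assumptions, and the sample data is constructed from the response shown above.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the "List API keys" response on this page.
SAMPLE_LIST_RESPONSE = """[
  {"id": "key_01J3Z7VMX8P4V5AQ94TZ8X6N7J", "name": "Production integration",
   "createdAt": "2024-10-10T18:35:21Z", "revokedAt": null},
  {"id": "key_01J3Z8BZXS0DTCNKAYNCVWYE3W", "name": "Staging agent",
   "createdAt": "2024-09-08T09:12:04Z", "revokedAt": "2024-11-01T12:01:33Z"}
]"""

MAX_KEY_AGE = timedelta(days=90)  # assumed rotation policy, not a Sendook default


def parse_ts(value):
    """Parse a UTC timestamp such as 2024-10-10T18:35:21Z."""
    # datetime.fromisoformat() accepts a trailing "Z" only from Python 3.11 on.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_keys(keys, now, max_age=MAX_KEY_AGE):
    """Sort key ids into revoked, active (within policy) and rotate (overdue)."""
    report = {"revoked": [], "active": [], "rotate": []}
    for key in keys:
        if key.get("revokedAt") is not None:
            report["revoked"].append(key["id"])
            continue
        try:
            age = now - parse_ts(key["createdAt"])
        except (KeyError, TypeError, ValueError, AttributeError):
            age = None  # missing or malformed createdAt: age unknown
        # Fail closed: a key whose age cannot be established is flagged too.
        bucket = "rotate" if age is None or age > max_age else "active"
        report[bucket].append(key["id"])
    return report


def revocation_paths(report):
    """DELETE paths for overdue keys, to call once their replacements are live."""
    return [f"/v1/api_keys/{key_id}" for key_id in report["rotate"]]


if __name__ == "__main__":
    result = audit_keys(json.loads(SAMPLE_LIST_RESPONSE), datetime.now(timezone.utc))
    print(json.dumps(result, indent=2))
    print(revocation_paths(result))
```

Create the replacement key and move the integration onto it before issuing the DELETE for an overdue key, since revocation takes effect immediately.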

Retrieve an API key

  • Method: GET
  • Path: /v1/api_keys/{apiKeyId}
  • Auth: Required

Path parameters

| Parameter | Type | Description |
| --- | --- | --- |
| apiKeyId | string | Identifier returned during creation or listing. |

Response 200 OK

{
  "id": "key_01J3Z7VMX8P4V5AQ94TZ8X6N7J",
  "name": "Production integration",
  "createdAt": "2024-10-10T18:35:21Z",
  "revokedAt": null
}

Delete an API key

  • Method: DELETE
  • Path: /v1/api_keys/{apiKeyId}
  • Auth: Required

Revocation immediately prevents further use of the key.

Response 200 OK

{
  "id": "key_01J3Z7VMX8P4V5AQ94TZ8X6N7J",
  "name": "Production integration",
  "createdAt": "2024-10-10T18:35:21Z",
  "revokedAt": null
}

Attempting to revoke or fetch a key that does not belong to your organization returns a 404 or 401 depending on your permissions.