Keysmith

REST API

Keysmith REST API endpoints for key management.

When mounted via the Forge extension, Keysmith exposes a complete REST API for managing API keys, policies, scopes, usage, and rotations.

Keys

Create API key

POST /v1/keys

Request body:

{
  "name": "Production Key",
  "prefix": "sk",
  "environment": "live",
  "scopes": ["read:users", "write:users"],
  "policy_id": "kpol_01h2xce...",
  "expires_at": "2025-12-31T23:59:59Z"
}

Response (201):

{
  "raw_key": "sk_live_a3f8b2c9e1d4...",
  "key": {
    "id": "akey_01h2xce...",
    "name": "Production Key",
    "prefix": "sk",
    "environment": "live",
    "state": "active",
    "scopes": ["read:users", "write:users"],
    "created_at": "2024-01-15T10:30:00Z"
  }
}

List API keys

GET /v1/keys?limit=50&offset=0&state=active&environment=live

Get API key

GET /v1/keys/:keyId

Delete API key

DELETE /v1/keys/:keyId

Validate API key

POST /v1/keys/validate

Request body:

{
  "raw_key": "sk_live_a3f8b2c9e1d4..."
}

Response (200):

{
  "valid": true,
  "key": {
    "id": "akey_01h2xce...",
    "name": "Production Key",
    "state": "active",
    "tenant_id": "tenant-1"
  },
  "scopes": ["read:users", "write:users"]
}

Rotate API key

POST /v1/keys/:keyId/rotate

Request body:

{
  "reason": "scheduled",
  "grace_period": "24h"
}

Revoke API key

POST /v1/keys/:keyId/revoke

Request body:

{
  "reason": "compromised"
}

Suspend API key

POST /v1/keys/:keyId/suspend

Reactivate API key

POST /v1/keys/:keyId/reactivate

Policies

Create policy

POST /v1/policies

Request body:

{
  "name": "Standard API",
  "rate_limit": 1000,
  "rate_window": "1m",
  "allowed_ips": ["10.0.0.0/8"],
  "allowed_origins": ["https://app.example.com"],
  "max_key_age": "2160h"
}

List policies

GET /v1/policies?limit=50&offset=0

Get policy

GET /v1/policies/:policyId

Update policy

PUT /v1/policies/:policyId

Delete policy

DELETE /v1/policies/:policyId

Scopes

Create scope

POST /v1/scopes

Request body:

{
  "name": "read:users",
  "description": "Read user profiles"
}

List scopes

GET /v1/scopes?limit=100&offset=0

Delete scope

DELETE /v1/scopes/:scopeId

Assign scopes to key

POST /v1/keys/:keyId/scopes

Request body:

{
  "scopes": ["read:billing", "write:billing"]
}

Remove scopes from key

DELETE /v1/keys/:keyId/scopes

Request body:

{
  "scopes": ["write:billing"]
}

Usage

Get key usage

GET /v1/keys/:keyId/usage?from=2024-01-01T00:00:00Z&to=2024-01-31T23:59:59Z&limit=100

Get usage aggregation

GET /v1/keys/:keyId/usage/aggregate?from=2024-01-01T00:00:00Z&to=2024-01-31T23:59:59Z&granularity=daily

List tenant usage

GET /v1/usage?from=2024-01-01T00:00:00Z&to=2024-01-31T23:59:59Z&limit=1000

Rotations

List key rotations

GET /v1/keys/:keyId/rotations?limit=10

HTTP Middleware

Protecting routes with API key validation and scope checks.

Go Package Reference

Complete Go package index for Keysmith.

On this page

KeysCreate API keyList API keysGet API keyDelete API keyValidate API keyRotate API keyRevoke API keySuspend API keyReactivate API keyPoliciesCreate policyList policiesGet policyUpdate policyDelete policyScopesCreate scopeList scopesDelete scopeAssign scopes to keyRemove scopes from keyUsageGet key usageGet usage aggregationList tenant usageRotationsList key rotations