Skip to main content

List API Keys

Response

keys
ApiKey[]
Array of API key objects

Example Request

curl -X GET "https://api.opensight.ai/api/api-keys" \
  -H "Authorization: Bearer YOUR_API_KEY"

Example Response

{
  "keys": [
    {
      "id": "key_123",
      "user_id": "user_456",
      "name": "Production API Key",
      "key_prefix": "os_live_",
      "last_used_at": "2024-01-15T10:00:00Z",
      "requests_today": 45,
      "requests_month": 1250,
      "created_at": "2024-01-01T08:00:00Z"
    },
    {
      "id": "key_124",
      "user_id": "user_456",
      "name": "Development Key",
      "key_prefix": "os_test_",
      "last_used_at": null,
      "requests_today": 0,
      "requests_month": 0,
      "created_at": "2024-01-10T14:00:00Z"
    }
  ]
}

Create API Key

Request Body

name
string
required
Descriptive name for the API key (1-100 characters)

Response

key
ApiKey
The created API key object with full key value
warning
string
Security warning about saving the key

Example Request

curl -X POST "https://api.opensight.ai/api/api-keys" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key"
  }'

Example Response

{
  "key": {
    "id": "key_123",
    "user_id": "user_456",
    "name": "Production API Key",
    "key": "os_live_1234567890abcdef1234567890abcdef",
    "key_prefix": "os_live_",
    "last_used_at": null,
    "requests_today": 0,
    "requests_month": 0,
    "created_at": "2024-01-15T10:00:00Z"
  },
  "warning": "Please save this API key in a secure location. You will not be able to view it again."
}
The full API key is only shown once during creation. Store it securely as you cannot retrieve it again. If you lose the key, you must create a new one.

Errors

  • 403 Forbidden - API key limit reached for your plan
  • 400 Bad Request - Invalid input data

Plan Limits

  • Free: 2 API keys
  • Starter: 5 API keys
  • Growth: 20 API keys

Delete API Key

Path Parameters

id
string
required
API key ID

Response

key
ApiKey
The revoked API key object
message
string
Confirmation message

Example Request

curl -X DELETE "https://api.opensight.ai/api/api-keys/key_123" \
  -H "Authorization: Bearer YOUR_API_KEY"

Example Response

{
  "key": {
    "id": "key_123",
    "user_id": "user_456",
    "name": "Production API Key",
    "key_prefix": "os_live_",
    "last_used_at": "2024-01-15T10:00:00Z",
    "requests_today": 45,
    "requests_month": 1250,
    "created_at": "2024-01-01T08:00:00Z"
  },
  "message": "API key has been revoked and is no longer usable"
}

Errors

  • 404 Not Found - API key not found or user doesn’t own it
  • 400 Bad Request - API key already revoked

Best Practices

  1. Rotation: Regularly rotate API keys for security
  2. Naming: Use descriptive names to identify key purposes
  3. Least Privilege: Create separate keys for different environments (production, staging, development)
  4. Monitoring: Track key usage through requests_today and requests_month fields
  5. Revocation: Immediately revoke keys if compromised

Using API Keys

Include your API key in the Authorization header of all API requests: 
Authorization: Bearer os_live_1234567890abcdef1234567890abcdef
Or use it as a query parameter (less secure): 
https://api.opensight.ai/api/brands?api_key=os_live_1234567890abcdef1234567890abcdef
The header method is strongly recommended for security. Query parameters may be logged in server access logs.

Build docs developers (and LLMs) love

Get started for freeTalk to us