SDKey

Docs

Sign in

API keys & Bearer tokens

Programmatic access for scripts, CI, and tooling — the same account power as a dashboard session.

What they are

Developer API keys look like sdk_live_…. They are full-account credentials: there are no scopes. A valid key authenticates as you on every requireAuth route (apps, licenses, account, metrics, /auth/me).

They do not authenticate client license validation. End-user programs use the sealed session path in License control.

Dashboard

Create, copy (once), list, and revoke keys under Settings → API keys. Plaintext is shown only at creation; afterward you only see a prefix and metadata (last_used_at, revoked).

HTTP: create, list, revoke

All require an existing session cookie or another API key.

Create — POST /api/v1/account/api-keys
{
  "name": "ci-bot"
}
201 response (plaintext once)
{
  "success": true,
  "key": {
    "id": "<uuid>",
    "name": "ci-bot",
    "apiKey": "sdk_live_…",
    "keyPrefix": "sdk_live_abcd1234…",
    "createdAt": "…"
  },
  "warning": "API key plaintext is shown once. Store it securely; only the hash is retained."
}
List — GET /api/v1/account/api-keys
{ "success": true, "keys": [ /* prefix + metadata only */ ] }
Revoke — POST /api/v1/account/api-keys/:id/revoke
{ "success": true }

Using the Bearer header

Header
Authorization: Bearer sdk_live_<token>
Content-Type: application/json
Create licenses
curl -X POST https://api.sdkey.dev/api/v1/licenses/create \
  -H 'Authorization: Bearer sdk_live_....' \
  -H 'Content-Type: application/json' \
  -d '{"applicationId":"<uuid>","amount":1,"durationSeconds":2592000}'
List apps
curl https://api.sdkey.dev/api/v1/apps/ \
  -H 'Authorization: Bearer sdk_live_....'

Auth resolution

If both a sdkey_session cookie and a Bearer token are present, the cookie wins. Failed Bearer attempts are rate-limited (30 / min / IP).

Security

  • Server stores SHA-256 of the key only
  • Copy the plaintext immediately — it cannot be recovered later
  • Revoke immediately if a key leaks
  • Prefer short-lived keys per environment (CI vs laptop)