API Keys Create, list, update, revoke, and delete API keys — the credentials that authenticate SDK and API requests.
API keys authenticate requests from the SDK, CLI, and direct API calls. Each key is scoped to an organization and project. The full key value is only returned once at creation time.
All endpoints require authentication via Bearer JWT with X-Organization-Id header, or an existing API key (X-Veto-API-Key).
List all API keys for the authenticated organization.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
{ "data" : [ { "id" : "k57a8b2c3d4e5f6a7" , "name" : "Production API Key" , "keyPrefix" : "veto_abc1..." , "isRevoked" : false , "lastUsedAt" : "2025-01-20T14:30:00Z" , "createdAt" : "2025-01-15T10:00:00Z" } ] } curl https://api.veto.so/v1/api-keys \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" Create a new API key. The full key is returned only in this response. Store it securely.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT Content-TypeYes application/json
{ "name" : "Production API Key" , "projectId" : "proj_abc123" } Field Type Required Description namestringYes Display name (1-100 chars) projectIdstringYes Project to scope this key to
{ "id" : "k57a8b2c3d4e5f6a7" , "name" : "Production API Key" , "key" : "veto_abc123def456ghi789..." , "keyPrefix" : "veto_abc1..." , "createdAt" : "2025-01-20T14:30:00Z" , "warning" : "This is the only time the full API key will be shown. Please save it securely." } Field Type Description idstringAPI key record ID namestringDisplay name keystringFull API key value (only shown once) keyPrefixstringTruncated prefix for identification createdAtstringISO 8601 creation timestamp warningstringReminder to save the key
curl -X POST https://api.veto.so/v1/api-keys \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" \ -H "Content-Type: application/json" \ -d '{ "name": "Staging API Key", "projectId": "proj_abc123" }' Get a single API key by ID. The full key value is never returned after creation.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
Parameter Type Description idstringAPI key record ID
{ "id" : "k57a8b2c3d4e5f6a7" , "name" : "Production API Key" , "keyPrefix" : "veto_abc1..." , "isRevoked" : false , "lastUsedAt" : "2025-01-20T14:30:00Z" , "createdAt" : "2025-01-15T10:00:00Z" } Status Code Description 404 not_foundAPI key does not exist or belongs to a different org
curl https://api.veto.so/v1/api-keys/k57a8b2c3d4e5f6a7 \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" Update the display name of an API key.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT Content-TypeYes application/json
Parameter Type Description idstringAPI key record ID
{ "name" : "Renamed API Key" } Field Type Required Description namestringYes New display name (1-100 chars)
{ "id" : "k57a8b2c3d4e5f6a7" , "name" : "Renamed API Key" , "keyPrefix" : "veto_abc1..." , "isRevoked" : false , "lastUsedAt" : "2025-01-20T14:30:00Z" , "createdAt" : "2025-01-15T10:00:00Z" } Status Code Description 404 not_foundAPI key does not exist or belongs to a different org
curl -X PATCH https://api.veto.so/v1/api-keys/k57a8b2c3d4e5f6a7 \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" \ -H "Content-Type: application/json" \ -d '{ "name": "Renamed API Key" }' Revoke an API key. Revoked keys immediately stop authenticating requests. The key record is preserved for audit purposes.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
Parameter Type Description idstringAPI key record ID
{ "success" : true , "message" : "API key has been revoked" , "id" : "k57a8b2c3d4e5f6a7" , "isRevoked" : true } Status Code Description 404 not_foundAPI key does not exist or belongs to a different org
curl -X POST https://api.veto.so/v1/api-keys/k57a8b2c3d4e5f6a7/revoke \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" Permanently delete an API key record. Unlike revocation, this removes the key from the database entirely.
Header Required Description X-Veto-API-Key or AuthorizationYes API key or Bearer JWT
Parameter Type Description idstringAPI key record ID
Status Code Description 404 not_foundAPI key does not exist or belongs to a different org
curl -X DELETE https://api.veto.so/v1/api-keys/k57a8b2c3d4e5f6a7 \ -H "Authorization: Bearer $JWT_TOKEN " \ -H "X-Organization-Id: org_abc123" Field Type Description idstringRecord ID namestringDisplay name keyPrefixstringTruncated key prefix (e.g. veto_abc1...) isRevokedbooleanWhether the key has been revoked lastUsedAtstring?ISO 8601 timestamp of last use createdAtstringISO 8601 creation timestamp
