Skip to Content
API ReferenceAPI Key Management

API Key Management

Create, list, rotate, and delete API keys for your account.

AuthenticationPermalink for this section

All key management endpoints require authentication via an existing API key. Available to all tiers.

Security: API key management operations are sensitive. Only perform these from server-side code, never from a client-side application.

List API KeysPermalink for this section

Retrieve all API keys associated with your account.

GET /api/v1/account/keys

Example RequestPermalink for this section

curl -X GET "https://api.sharpapi.io/api/v1/account/keys" \
  -H "X-API-Key: YOUR_API_KEY"

Response (200)Permalink for this section

{
  "data": [
    {
      "id": "key_abc123def456",
      "id_masked": "sharpapi_...f456",
      "name": "Production",
      "tier": "pro",
      "is_active": true,
      "created_at": "2025-10-15T08:30:00Z",
      "updated_at": "2026-02-08T14:22:10Z"
    },
    {
      "id": "key_xyz789ghi012",
      "id_masked": "sharpapi_...i012",
      "name": "Staging",
      "tier": "pro",
      "is_active": true,
      "created_at": "2026-01-05T12:00:00Z",
      "updated_at": "2026-02-07T09:15:30Z"
    }
  ],
  "meta": {
    "count": 2,
    "total": 2,
    "pagination": {
      "limit": 50,
      "offset": 0,
      "has_more": false,
      "next_offset": null
    },
    "updated_at": "2026-02-08T14:55:00Z"
  }
}

Key Object FieldsPermalink for this section

FieldTypeDescription
idstringUnique key identifier
id_maskedstringMasked preview of the key (first and last characters visible)
namestring | nullHuman-readable key name
tierstringSubscription tier associated with the key
is_activebooleanWhether the key is currently active
created_atstringISO 8601 timestamp of key creation
updated_atstringISO 8601 timestamp of last key update

Create API KeyPermalink for this section

Generate a new API key for your account.

POST /api/v1/account/keys

Request BodyPermalink for this section

FieldTypeRequiredDescription
namestringYesA descriptive name for the key (e.g., “Production”, “Mobile App”)

Example RequestPermalink for this section

curl -X POST "https://api.sharpapi.io/api/v1/account/keys" \
  -H "X-API-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "Mobile App"}'

Response (201)Permalink for this section

{
  "data": {
    "id": "key_new345mno678",
    "key": "sharpapi_new345mno678pqr901stu234vwx567",
    "name": "Mobile App",
    "tier": "pro"
  }
}

Important: The full key value is only returned once at creation time. Store it securely immediately. Subsequent requests will only show the id_masked preview.

Delete API KeyPermalink for this section

Permanently revoke and delete an API key.

DELETE /api/v1/account/keys/{keyId}

Path ParametersPermalink for this section

ParameterTypeDescription
keyIdstringThe key_id of the key to delete

Example RequestPermalink for this section

curl -X DELETE "https://api.sharpapi.io/api/v1/account/keys/key_xyz789ghi012" \
  -H "X-API-Key: YOUR_API_KEY"

Response (200)Permalink for this section

{
  "deleted": true,
  "key_id": "key_xyz789ghi012",
  "message": "API key revoked successfully"
}

This action is irreversible. Any application using the deleted key will immediately lose API access. You cannot delete the key you are currently authenticating with.

Error ResponsesPermalink for this section

404 Key Not Found

{
  "error": {
    "code": "not_found",
    "message": "API key not found",
    "docs": "https://docs.sharpapi.io/en/api-reference/account-keys"
  }
}

400 Cannot Delete Current Key

{
  "error": {
    "code": "validation_error",
    "message": "Cannot delete the API key used to authenticate this request",
    "docs": "https://docs.sharpapi.io/en/api-reference/account-keys"
  }
}

Rotate API KeyPermalink for this section

Generate a new key value for an existing API key. The old key is immediately revoked and replaced with a new one.

POST /api/v1/account/keys/{keyId}/rotate

Path ParametersPermalink for this section

ParameterTypeDescription
keyIdstringThe key_id of the key to rotate

Example RequestPermalink for this section

curl -X POST "https://api.sharpapi.io/api/v1/account/keys/key_abc123def456/rotate" \
  -H "X-API-Key: YOUR_API_KEY"

Response (200)Permalink for this section

{
  "data": {
    "key_id": "key_abc123def456",
    "name": "Production",
    "key": "sharpapi_rotated789abc012def345ghi678jkl",
    "key_preview": "sharpapi_...jkl",
    "status": "active",
    "rotated_at": "2026-02-08T15:10:00Z",
    "previous_key_revoked": true
  },
  "meta": {
    "updated_at": "2026-02-08T15:10:00Z"
  }
}

Immediate effect: The previous key value is revoked the instant rotation completes. Update your application configuration before the next API request. The new key value is only shown once.

Tip: If you are rotating the key you are currently authenticating with, the rotation will succeed, but you must use the new key for all subsequent requests.

Response HeadersPermalink for this section

All key management endpoints return standard rate limit headers:

X-RateLimit-Limit: 300
X-RateLimit-Remaining: 294
X-RateLimit-Reset: 1707401400
X-Data-Delay: 0
X-Request-Id: req_keys123xyz

Best PracticesPermalink for this section

  1. Use descriptive names - Name keys by their purpose (e.g., “Production Server”, “Staging”, “Mobile App”) to easily identify them later
  2. Rotate regularly - Rotate keys periodically (e.g., every 90 days) as a security best practice
  3. Use separate keys per environment - Create distinct keys for production, staging, and development
  4. Review inactive keys - Identify and clean up unused keys
  5. Store keys in secrets management - Use environment variables or a secrets manager, never hardcode keys
  6. Revoke compromised keys immediately - If a key is exposed, delete or rotate it right away
Last updated on
Usage StatsClosing Line Value (CLV)