API keys provide machine-to-machine authentication for the KaireonAI platform. Keys use the krn_ prefix and are hashed before storage — the raw key is only shown once at creation time.
POST /api/v1/api-keys
Generate a new API key. Admin only.
Request Body
| Field | Type | Required | Description |
|---|
name | string | No | Human-readable key name (defaults to key-{timestamp}) |
expiresAt | string | No | ISO 8601 expiration date. Omit for non-expiring keys |
Example
curl -X POST https://playground.kaireonai.com/api/v1/api-keys \
-H "Content-Type: application/json" \
-H "X-Tenant-Id: my-tenant" \
-H "X-User-Role: admin" \
-d '{
"name": "CI Pipeline Key",
"expiresAt": "2027-01-01T00:00:00Z"
}'
Response (201)
{
"id": "clx...",
"name": "CI Pipeline Key",
"key": "krn_a1b2c3d4e5f6...",
"prefix": "krn_a1b2c3d4",
"expiresAt": "2027-01-01T00:00:00.000Z",
"createdAt": "2026-03-18T12:00:00.000Z",
"warning": "Store this key securely. It will not be shown again."
}
The raw API key (key field) is only returned on creation. Store it securely — it cannot be retrieved later.
GET /api/v1/api-keys
List all active (non-revoked) API keys for the tenant. Returns prefixes only — not the full key. Admin only.
Response
{
"data": [
{
"id": "clx...",
"name": "CI Pipeline Key",
"prefix": "krn_a1b2c3d4",
"expiresAt": "2027-01-01T00:00:00.000Z",
"lastUsedAt": "2026-03-17T09:30:00.000Z",
"createdAt": "2026-03-18T12:00:00.000Z"
}
],
"total": 1
}
DELETE /api/v1/api-keys?id=
Revoke an API key (soft delete). The key immediately stops working. Admin only.
Query Parameters
| Parameter | Type | Required | Description |
|---|
id | string | Yes | The API key record ID |
Request Body (optional)
| Field | Type | Required | Description |
|---|
reason | string | No | Reason for revocation (stored for audit) |
Response
204 No Content on success. 
