API keys

Programmatic key management. Scope narrowly, set expiry, rotate without downtime.

Create a key

POST/v1/api-keys

namestringRequired

Human-readable label.

scopesstring[]Optional

Scopes. Omit or pass [\"*\"] for an unscoped key. See the auth page for the scope list.

expires_atstringOptional

ISO 8601 timestamp. Omit for no expiry.

Response

json

{
  "id": "key_01HZ...",
  "prefix": "wc_live_",
  "secret": "wc_live_01HZxxxxxxxxxxxxxxxx",
  "name": "transcription-worker",
  "scopes": ["transcripts:write"],
  "created": 1712345678,
  "expires_at": "2026-12-31T23:59:59Z"
}

Shown once

The secret field is returned on create only; subsequent reads omit it. Store it in a secret manager immediately.

List keys

GET/v1/api-keys

Revoke a key

DELETE/v1/api-keys/{key_id}

Immediate. Traffic under the revoked key starts returning 401 within seconds.

← Previous

Deployments

Webhooks