eavz

API Keys

Create and manage API keys for programmatic access.

API Keys

API keys provide programmatic access to the Weavz API. Keys are scoped to an organization and prefixed with wvz_.

List API Keys

GET/api/v1/api-keys

List all API keys for your organization. Key values are masked — only the keyPrefix (first 8 characters) is shown.

Response

json
{
  "apiKeys": [
    {
      "id": "k1a2b3c4-d5e6-7890-abcd-ef1234567890",
      "orgId": "550e8400-e29b-41d4-a716-446655440000",
      "name": "Production Key",
      "keyPrefix": "wvz_ab12",
      "permissions": null,
      "lastUsedAt": "2025-01-16T08:00:00.000Z",
      "expiresAt": null,
      "createdAt": "2025-01-15T10:30:00.000Z"
    }
  ],
  "total": 1
}

Example

bash
curl https://api.weavz.io/api/v1/api-keys \
  -H "Authorization: Bearer wvz_your_api_key"

Create API Key

POST/api/v1/api-keys

Create a new API key. The full key value is returned only once in the plainKey field — store it securely.

Request Body

FieldTypeRequiredDescription
namestringYesDescriptive name for the key
expiresAtstring (date-time)NoExpiration timestamp (no expiry if omitted)
permissionsobjectNoPermission scope (unrestricted if omitted). See below.

Permissions Object

FieldTypeRequiredDescription
scopestringYes"org" for full access, "workspace" for workspace-scoped
workspaceIdsstring[]When scope is "workspace"UUIDs of the workspaces this key can access

Response (201)

json
{
  "apiKey": {
    "id": "k1a2b3c4-d5e6-7890-abcd-ef1234567890",
    "orgId": "550e8400-e29b-41d4-a716-446655440000",
    "name": "Production Key",
    "keyPrefix": "wvz_ab12",
    "permissions": null,
    "lastUsedAt": null,
    "expiresAt": null,
    "createdAt": "2025-01-15T10:30:00.000Z"
  },
  "plainKey": "wvz_ab12cd34ef56gh78ij90kl12mn34op56"
}

Example

bash
curl -X POST https://api.weavz.io/api/v1/api-keys \
  -H "Authorization: Bearer wvz_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production Key"}'

Create a workspace-scoped key:

bash
curl -X POST https://api.weavz.io/api/v1/api-keys \
  -H "Authorization: Bearer wvz_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Workspace-Only Key",
    "permissions": {
      "scope": "workspace",
      "workspaceIds": ["PROJECT_UUID_1", "PROJECT_UUID_2"]
    }
  }'

Workspace-scoped keys can only access resources within the specified workspaces. Requests to resources outside the allowed workspaces return 403 SCOPE_DENIED.

Errors

StatusCodeDescription
400VALIDATION_ERRORMissing key name
403QUOTA_EXCEEDEDAPI key limit reached for your plan
403SCOPE_DENIEDWorkspace-scoped key cannot access this resource

Revoke API Key

DELETE/api/v1/api-keys/:id

Revoke an API key. The key is immediately invalidated and can no longer be used for authentication.

Path Parameters

FieldTypeDescription
idstring (uuid)API key ID

Response

json
{
  "deleted": true,
  "id": "k1a2b3c4-d5e6-7890-abcd-ef1234567890"
}

Example

bash
curl -X DELETE https://api.weavz.io/api/v1/api-keys/k1a2b3c4-d5e6-7890-abcd-ef1234567890 \
  -H "Authorization: Bearer wvz_your_api_key"

Errors

StatusCodeDescription
404NOT_FOUNDAPI key not found