Skip to content
cadenya
Get started
API Reference

API Keys

APIKeyService manages workspace-scoped API Keys. Each API key belongs to a single workspace, ensuring isolation between environments.

Authentication: Bearer token (JWT) Scope: Workspace-level operations

List API keys
client.apiKeys.list(APIKeyListParams { cursor, includeInfo, limit, 2 more } query?, RequestOptionsoptions?): CursorPagination<APIKey { metadata, spec, info } >
GET/v1/api_keys
Create a new API key
client.apiKeys.create(APIKeyCreateParams { metadata, spec } body, RequestOptionsoptions?): APIKey { metadata, spec, info }
POST/v1/api_keys
Get an API key by ID
client.apiKeys.retrieve(stringid, RequestOptionsoptions?): APIKey { metadata, spec, info }
GET/v1/api_keys/{id}
Delete an API key
client.apiKeys.delete(stringid, RequestOptionsoptions?): void
DELETE/v1/api_keys/{id}
Update an API key
client.apiKeys.update(stringid, APIKeyUpdateParams { metadata, spec, updateMask } body, RequestOptionsoptions?): APIKey { metadata, spec, info }
PATCH/v1/api_keys/{id}
Rotate an API key
client.apiKeys.rotate(stringid, RequestOptionsoptions?): APIKey { metadata, spec, info }
PUT/v1/api_keys/{id}/rotate
ModelsExpand Collapse
APIKey { metadata, spec, info }

APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret.

metadata: ResourceMetadata { id, accountId, createdAt, 5 more }

Standard metadata for persistent, named resources (e.g., agents, tools, prompts)

id: string

Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...")

accountId: string

Account this resource belongs to for multi-tenant isolation (prefixed ULID)

createdAt: string

Timestamp when this resource was created

formatdate-time
name: string

Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly

profileId: string

ID of the actor (user or service account) that created this resource

workspaceId: string

Workspace this resource belongs to for organizational grouping (prefixed ULID)

externalId?: string

External ID for the resource (e.g., a workflow ID from an external system)

labels?: Record<string, string>

Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"}

spec: APIKeySpec { token, description }

APIKeySpec contains the API Key-specific fields

token?: string

The actual token value (only returned on creation and rotation, read-only)

description?: string

Description of what this API Key is used for

info?: APIKeyInfo { createdBy }
createdBy?: Profile { metadata, spec }

Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS).

metadata: AccountResourceMetadata { id, accountId, name, 3 more }

AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace.

id: string

Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...")

accountId: string

Account this resource belongs to for multi-tenant isolation (prefixed ULID)

name: string

Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly

profileId: string
externalId?: string

External ID for the resource (e.g., a workflow ID from an external system)

labels?: Record<string, string>

Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"}

spec: ProfileSpec { type, email, name }

ProfileSpec contains the profile-specific fields

type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"

Type is the type of profile. User's are humans, API keys are computers. You know the deal.

formatenum
One of the following:
"PROFILE_TYPE_USER"
"PROFILE_TYPE_API_KEY"
"PROFILE_TYPE_SYSTEM"
email?: string

Email address of the user (required, unique per account)

name?: string

Display name for the user (e.g., "Bobby Tables")

APIKeyInfo { createdBy }
createdBy?: Profile { metadata, spec }

Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS).

metadata: AccountResourceMetadata { id, accountId, name, 3 more }

AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace.

id: string

Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...")

accountId: string

Account this resource belongs to for multi-tenant isolation (prefixed ULID)

name: string

Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly

profileId: string
externalId?: string

External ID for the resource (e.g., a workflow ID from an external system)

labels?: Record<string, string>

Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"}

spec: ProfileSpec { type, email, name }

ProfileSpec contains the profile-specific fields

type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"

Type is the type of profile. User's are humans, API keys are computers. You know the deal.

formatenum
One of the following:
"PROFILE_TYPE_USER"
"PROFILE_TYPE_API_KEY"
"PROFILE_TYPE_SYSTEM"
email?: string

Email address of the user (required, unique per account)

name?: string

Display name for the user (e.g., "Bobby Tables")

APIKeySpec { token, description }

APIKeySpec contains the API Key-specific fields

token?: string

The actual token value (only returned on creation and rotation, read-only)

description?: string

Description of what this API Key is used for