# API Keys ## List API keys `client.apiKeys.list(APIKeyListParamsquery?, RequestOptionsoptions?): CursorPagination` **get** `/v1/api_keys` Lists all API keys in the workspace ### Parameters - `query: APIKeyListParams` - `cursor?: string` Pagination cursor from previous response - `includeInfo?: boolean` When set to true you may use more of your alloted API rate-limit - `limit?: number` Maximum number of results to return - `prefix?: string` Filter expression (query param: prefix) - `sortOrder?: string` Sort order for results (asc or desc by creation time) ### Returns - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const apiKey of client.apiKeys.list()) { console.log(apiKey.metadata); } ``` #### Response ```json { "items": [ { "metadata": { "id": "id", "accountId": "accountId", "createdAt": "2019-12-27T18:11:19.117Z", "name": "name", "profileId": "profileId", "workspaceId": "workspaceId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "token": "token", "description": "description" }, "info": { "createdBy": { "metadata": { "id": "id", "accountId": "accountId", "name": "name", "profileId": "profileId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "type": "PROFILE_TYPE_USER", "email": "email", "name": "name" } } } } ], "pagination": { "nextCursor": "nextCursor", "total": 0 } } ``` ## Create a new API key `client.apiKeys.create(APIKeyCreateParamsbody, RequestOptionsoptions?): APIKey` **post** `/v1/api_keys` Creates a new API key in the workspace. ### Parameters - `body: APIKeyCreateParams` - `metadata: CreateResourceMetadata` CreateResourceMetadata contains the user-provided fields for creating a workspace-scoped resource. Read-only fields (id, account_id, workspace_id, profile_id, created_at) are excluded since they are set by the server. - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for ### Returns - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); const apiKey = await client.apiKeys.create({ metadata: { name: 'name' }, spec: {}, }); console.log(apiKey.metadata); ``` #### Response ```json { "metadata": { "id": "id", "accountId": "accountId", "createdAt": "2019-12-27T18:11:19.117Z", "name": "name", "profileId": "profileId", "workspaceId": "workspaceId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "token": "token", "description": "description" }, "info": { "createdBy": { "metadata": { "id": "id", "accountId": "accountId", "name": "name", "profileId": "profileId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "type": "PROFILE_TYPE_USER", "email": "email", "name": "name" } } } } ``` ## Get an API key by ID `client.apiKeys.retrieve(stringid, RequestOptionsoptions?): APIKey` **get** `/v1/api_keys/{id}` Retrieves an API key by ID from the workspace ### Parameters - `id: string` ### Returns - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); const apiKey = await client.apiKeys.retrieve('id'); console.log(apiKey.metadata); ``` #### Response ```json { "metadata": { "id": "id", "accountId": "accountId", "createdAt": "2019-12-27T18:11:19.117Z", "name": "name", "profileId": "profileId", "workspaceId": "workspaceId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "token": "token", "description": "description" }, "info": { "createdBy": { "metadata": { "id": "id", "accountId": "accountId", "name": "name", "profileId": "profileId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "type": "PROFILE_TYPE_USER", "email": "email", "name": "name" } } } } ``` ## Delete an API key `client.apiKeys.delete(stringid, RequestOptionsoptions?): void` **delete** `/v1/api_keys/{id}` Deletes an API key from the workspace ### Parameters - `id: string` ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); await client.apiKeys.delete('id'); ``` ## Update an API key `client.apiKeys.update(stringid, APIKeyUpdateParamsbody, RequestOptionsoptions?): APIKey` **patch** `/v1/api_keys/{id}` Updates an API key in the workspace ### Parameters - `id: string` - `body: APIKeyUpdateParams` - `metadata?: UpdateResourceMetadata` UpdateResourceMetadata contains the user-provided fields for updating a workspace-scoped resource. Read-only fields (id, account_id, workspace_id, profile_id, created_at) are excluded since they are set by the server. - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec?: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `updateMask?: string` Fields to update ### Returns - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); const apiKey = await client.apiKeys.update('id'); console.log(apiKey.metadata); ``` #### Response ```json { "metadata": { "id": "id", "accountId": "accountId", "createdAt": "2019-12-27T18:11:19.117Z", "name": "name", "profileId": "profileId", "workspaceId": "workspaceId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "token": "token", "description": "description" }, "info": { "createdBy": { "metadata": { "id": "id", "accountId": "accountId", "name": "name", "profileId": "profileId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "type": "PROFILE_TYPE_USER", "email": "email", "name": "name" } } } } ``` ## Rotate an API key `client.apiKeys.rotate(stringid, RequestOptionsoptions?): APIKey` **put** `/v1/api_keys/{id}/rotate` Rotates an API Key and returns a new token. All previous API Key tokens in use will be invalidated. ### Parameters - `id: string` ### Returns - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### Example ```typescript import Cadenya from '@cadenya/cadenya'; const client = new Cadenya({ apiKey: process.env['CADENYA_API_KEY'], // This is the default and can be omitted }); const apiKey = await client.apiKeys.rotate('id'); console.log(apiKey.metadata); ``` #### Response ```json { "metadata": { "id": "id", "accountId": "accountId", "createdAt": "2019-12-27T18:11:19.117Z", "name": "name", "profileId": "profileId", "workspaceId": "workspaceId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "token": "token", "description": "description" }, "info": { "createdBy": { "metadata": { "id": "id", "accountId": "accountId", "name": "name", "profileId": "profileId", "externalId": "externalId", "labels": { "foo": "string" } }, "spec": { "type": "PROFILE_TYPE_USER", "email": "email", "name": "name" } } } } ``` ## Domain Types ### API Key - `APIKey` APIKey represents a workspace-scoped API key. Each API key belongs to exactly one workspace, ensuring workspace isolation. Authentication is handled via Cadenya-issued JWTs signed with the key's own signing secret. - `metadata: ResourceMetadata` Standard metadata for persistent, named resources (e.g., agents, tools, prompts) - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "agent_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `createdAt: string` Timestamp when this resource was created - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` ID of the actor (user or service account) that created this resource - `workspaceId: string` Workspace this resource belongs to for organizational grouping (prefixed ULID) - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for - `info?: APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### API Key Info - `APIKeyInfo` - `createdBy?: Profile` Profile represents a human user at the account level. Profiles are account-scoped resources that can be associated with multiple workspaces through the Actor model. Authentication for profiles is handled via SSO/OAuth (WorkOS). - `metadata: AccountResourceMetadata` AccountResourceMetadata is used to represent a resource that is associated to an account but not to a workspace. - `id: string` Unique identifier for the resource (prefixed ULID, e.g., "apikey_01HXK...") - `accountId: string` Account this resource belongs to for multi-tenant isolation (prefixed ULID) - `name: string` Human-readable name for the resource (e.g., "Customer Support Agent", "Email Tool") Required for resources that users interact with directly - `profileId: string` - `externalId?: string` External ID for the resource (e.g., a workflow ID from an external system) - `labels?: Record` Arbitrary key-value pairs for categorization and filtering Examples: {"environment": "production", "team": "platform", "version": "v2"} - `spec: ProfileSpec` ProfileSpec contains the profile-specific fields - `type: "PROFILE_TYPE_USER" | "PROFILE_TYPE_API_KEY" | "PROFILE_TYPE_SYSTEM"` Type is the type of profile. User's are humans, API keys are computers. You know the deal. - `"PROFILE_TYPE_USER"` - `"PROFILE_TYPE_API_KEY"` - `"PROFILE_TYPE_SYSTEM"` - `email?: string` Email address of the user (required, unique per account) - `name?: string` Display name for the user (e.g., "Bobby Tables") ### API Key Spec - `APIKeySpec` APIKeySpec contains the API Key-specific fields - `token?: string` The actual token value (only returned on creation and rotation, read-only) - `description?: string` Description of what this API Key is used for