API Keys โ
API keys are the long-lived credential used for server-to-server and automation access to the S-Launch API. Each key carries an explicit set of scopes โ requests fail with 403 if the endpoint requires a scope the key does not hold.
Scopes โ
| Scope | Reach |
|---|---|
apikeys:read | Listing, reading API key records, viewing filters. |
apikeys:write | Minting and deleting keys; viewing the scope catalogue available to keys. |
Using an API Key โ
API keys are sent in the X-API-Key request header โ no Bearer prefix, no extra encoding.
curl "https://<tenant>.s-launch.com/api/store/asset/" \
-H "X-API-Key: sla_live_AbCdEfGh1234โฆ"await fetch('https://<tenant>.s-launch.com/api/store/asset/', {
headers: { 'X-API-Key': process.env.SLAUNCH_API_KEY },
})Most endpoints accept either OAuth2 or API-key auth (the OpenAPI security block lists both). Endpoints that take only OAuth2 are flagged in the relevant endpoint entry.
WARNING
API keys are bearer credentials โ anyone with the key can act with its scopes until the key is revoked. Store them in a secrets manager, never in source control, and rotate periodically.
Endpoints โ
List API Keys โ
GET /api/admin/api-keys/
Returns a page of API-key records (metadata only โ the raw key value is never returned after creation).
Required scope: apikeys:read ยท also accepts API key
Query parameters โ standard pagination set; see Conventions โบ Pagination. Defaults: sort_by=created, sort_order=desc, hydrate=true.
Response 200 โ ApiKeyInDbCursorPage
Get API Key Filter Metadata โ
GET /api/admin/api-keys/filters
Returns filter/operator/sort options for List API Keys.
Required scope: apikeys:read
Response 200 โ open metadata object.
Get API Key by ID โ
GET /api/admin/api-keys/{id}
Returns a single API-key record (metadata).
Required scope: apikeys:read ยท also accepts API key
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
id | string | yes | API key ID. |
Response 200 โ ApiKeyRead
Get Available API Key Scopes โ
GET /api/admin/api-keys/scopes
Returns the full catalogue of scopes that an API key can be granted. Used by the admin UI to populate the scope picker on the API-key creation form.
Required scope: apikeys:write
Response 200 โ list of scope identifiers.
Create API Key โ
POST /api/admin/api-keys/
Mints a new API key. The response includes the raw key value โ capture it immediately; it will not be retrievable later.
Required scope: apikeys:write
Request body โ ApiKeyWriteCreate โ supply the key's label, the scopes it should carry, and any optional expiry.
Response 201 โ ApiKeyReadCreate โ the key record plus the one-time raw key string.
WARNING
The raw key string is returned only on creation. If you lose it, you must delete the key record and mint a new one โ there is no way to retrieve the secret value afterward.
Delete API Key by ID โ
DELETE /api/admin/api-keys/{id}
Revokes an API key. The key stops working immediately.
Required scope: apikeys:write
Path parameters
| Name | Type | Required | Description |
|---|---|---|---|
id | string | yes | API key ID. |
Response 204 โ empty.
See also โ
- Authentication โ the OAuth2 alternative to API keys.
- Scopes โ the catalogue of capabilities a key can be granted.
- Scope Sets โ bundling scopes for reuse across keys and users.