jackdocs

API Keys

Create, list, and revoke API keys for your organisation. Use one key per environment — separate keys for dev, staging, and production.

POST/v1/keys

Generate a new API key. The full key value is returned exactly once — store it immediately in your secrets manager. It cannot be retrieved again.

Request body

json
{
  "label": "production"
}

Request

python
response = httpx.post(
    "https://api.usejack.io/v1/keys",
    headers={"Authorization": "Bearer jack_xxxxxxxx"},
    json={"label": "production"}
)

data = response.json()
print(data["key"])  # shown ONCE — save it immediately
bash
curl -X POST https://api.usejack.io/v1/keys \
  -H "Authorization: Bearer jack_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{"label": "production"}'

Response

json
{
  "id":         "8818951c-ba83-4e50-b23e-571cffc61a45",
  "key":        "jack_8f760b495f2ee3a92f6554f517882f583189d4ada07dffea",
  "prefix":     "jack_8f760b495f2",
  "label":      "production",
  "org_id":     "your-org-id",
  "created_at": "2026-06-12T14:24:37Z"
}

The key field is returned only once. Store it securely in an environment variable or secrets manager before closing this response. If you lose it, revoke the key and generate a new one.

GET/v1/keys

List all API keys for your organisation. Only the key prefix is returned — never the full key.

Request

python
response = httpx.get(
    "https://api.usejack.io/v1/keys",
    headers={"Authorization": "Bearer jack_xxxxxxxx"}
)

for key in response.json():
    print(key["prefix"], key["label"], key["created_at"])
bash
curl https://api.usejack.io/v1/keys \
  -H "Authorization: Bearer jack_xxxxxxxx"

Response

json
[
  {
    "id":           "8818951c-ba83-4e50-b23e-571cffc61a45",
    "prefix":       "jack_8f760b495f2",
    "label":        "production",
    "org_id":       "your-org-id",
    "created_at":   "2026-06-12T14:24:37Z",
    "last_used_at": "2026-06-13T09:15:02Z",
    "revoked_at":   null
  }
]
DELETE/v1/keys/{key_id}

Revoke an API key immediately. Any subsequent request using the revoked key returns403 Forbidden. This action is irreversible.

Request

python
response = httpx.delete(
    "https://api.usejack.io/v1/keys/8818951c-ba83-4e50-b23e-571cffc61a45",
    headers={"Authorization": "Bearer jack_xxxxxxxx"}
)

print(response.status_code)  # 200
bash
curl -X DELETE https://api.usejack.io/v1/keys/8818951c-ba83-4e50-b23e-571cffc61a45 \
  -H "Authorization: Bearer jack_xxxxxxxx"

Use the key's id (UUID) for revocation — not the prefix or label. Find the ID from GET /v1/keys.

← PREVIOUSDocumentsNEXT →Usage