ApiKey
The `ApiKey` entity.
Definition
TypeScript
interface ApiKey {
id: string;
workspaceId: string;
type: "private" | "public" | "session";
name: string;
keyHint: string;
expiresAt: string | null;
createdBy: string;
ownerUserId: string | null;
createdAt: string;
lastUsedAt: string | null;
scopes?:
| {
operations?: Array<string> | undefined;
entityIds?: Array<string> | undefined;
}
| null
| undefined;
}Fields
| Field | Type | Notes |
|---|---|---|
id | string | readonly required |
workspaceId | string | required — Workspace this key belongs to. |
type | "private" | "public" | "session" | required — Key type — 'private' for server-side use, 'public' for clients. |
name | string | required — Human-readable label for the key. |
keyHint | string | required — Last few characters of the key, safe to display for identification. |
expiresAt | string | null | required — ISO-8601 timestamp after which the key is rejected; null = no expiry. |
createdBy | string | required — User who issued the key. |
ownerUserId | string | null | required — User this key authenticates as — what verifyApiKey returns as the caller identity. Null falls back to createdBy. Splitting owner from creator lets a workspace admin issue keys that act as the workspace's headless service user (or any other workspace member) without losing the creator audit trail. |
createdAt | string | readonly required — ISO-8601 timestamp of creation. |
lastUsedAt | string | null | required — ISO-8601 timestamp of the most recent successful use. |
scopes | { operations?: Array<string> | undefined; entityIds?: Array<string> | undefined; } | null | undefined | optional — Restricts what this key may do; null/empty means full access within its key type. |