Skip to main content

Obtaining an API Key

API keys are managed from your Minotaur account. The endpoints in this section require a session token (Bearer <session_token>).

Generate a Key​

POST /api/api-key/generate
Authorization: Bearer <session_token>
Content-Type: application/json
{
  "name": "My Integration",
  "expiration": 30
}

Accepted values for expiration: 7, 30, 90, 365.

List Keys​

GET /api/api-key
Authorization: Bearer <session_token>

Returns key records, never the raw key value.

Update or Rotate a Key​

PATCH /api/api-key/update/:id
Authorization: Bearer <session_token>
Content-Type: application/json

This operation can update name and/or expiration, and it issues a new key. The previous key stops working immediately.

Revoke a Key​

PATCH /api/api-key/revoke/:id
Authorization: Bearer <session_token>

Revocation is permanent and cannot be undone.

Important Notes​

  • Key values are shown only once after generate/rotate.
  • Save keys in a secure secret manager.
  • Rotate keys to change permissions.