API keys

Use api-keys to create, list, revoke, and delete API keys for the authenticated user. Supported actions: all, list, create, revoke, delete.

Authentication model

API key management endpoints require a session token (JWT). You cannot manage API keys using another API key.

List API keys

Retrieves all API keys for the authenticated user. Both all and list return the same result.

resource

string

required

Must be "api-keys".

action

string

required

"all" or "list".

Response

success

boolean

data

object

Show properties

api_keys

object[]

Show key properties

string

name

string

key_prefix

string

First 8 characters of the key (for display).

is_active

boolean

last_used_at

string | null

created_at

string

revoked_at

string | null

count

number

const response = await ApiService.invoke<{
  api_keys: ApiKey[];
  count: number;
}>({
  resource: "api-keys",
  action: "all",
});

Create API key

Creates a new API key. The full key is returned once in the response and cannot be retrieved again.

resource

string

required

Must be "api-keys".

action

string

required

Must be "create".

data

object

required

Show properties

name

string

required

Display name for the key (e.g. "Production").

Response (status 201)

success

boolean

data

object

Show properties

api_key

object

Show properties

string

name

string

key_prefix

string

key

string

The full API key. Returned only at creation time. Store it securely.

is_active

boolean

last_used_at

string | null

created_at

string

revoked_at

string | null

const response = await ApiService.invoke<{ api_key: ApiKey }>(
  {
    resource: "api-keys",
    action: "create",
    data: { name: "Production" },
  },
  201
);

// Save response.api_key.key — it won't be shown again

Revoke API key

Revokes a key immediately. Any subsequent requests using the revoked key will return 401.

resource

string

required

Must be "api-keys".

action

string

required

Must be "revoke".

string

required

The API key ID to revoke.

Response

success

boolean

data

object

Show properties

success

boolean

message

string

"API key revoked successfully"

curl -s -X PATCH https://api.helpgenie.ai/v1/api-keys/KEY_UUID \
  -H "Authorization: Bearer <session_token>"

Delete API key

Permanently deletes an API key record.

resource

string

required

Must be "api-keys".

action

string

required

Must be "delete".

string

required

The API key ID to delete.

Response

success

boolean

data

object

Show properties

success

boolean

message

string

"API key deleted permanently"

curl -s -X DELETE https://api.helpgenie.ai/v1/api-keys/KEY_UUID \
  -H "Authorization: Bearer <session_token>"

Using API keys

Once created, pass your API key on every request:

Authorization: Bearer hg_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6

or:

X-API-Key: hg_live_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6

API keys inherit the same permissions as the user who created them.

Operational limits

Maximum 5 active keys per user.
Rate limit of 60 requests/minute per key.

Error responses

Status	Code	Description
400	`VALIDATION_ERROR`	Maximum 5 active API keys allowed. Revoke an existing key first.
401	`INVALID_TOKEN`	Invalid or revoked API key
429	`RATE_LIMIT_EXCEEDED`	Rate limit exceeded

Overview

Agents

Knowledge

Voice

CRM

Marketplace

Platform

Telephony

Worker genies

Expanded Platform

Authentication model

List API keys

Response

Create API key

Response (status 201)

Revoke API key

Response

Delete API key

Response

Using API keys

Operational limits

Error responses

Overview

Agents

Knowledge

Voice

CRM

Marketplace

Platform

Telephony

Worker genies

Expanded Platform

​Authentication model

​List API keys

​Response

​Create API key

​Response (status 201)

​Revoke API key

​Response

​Delete API key

​Response

​Using API keys

​Operational limits

​Error responses

Authentication model

List API keys

Response

Create API key

Response (status 201)

Revoke API key

Response

Delete API key

Response

Using API keys

Operational limits

Error responses