API keys

POST /api/v1/api-keys/verify

Verify an API key and return the associated customer, organization, and project. Request headers: 
Authorization: Bearer kv_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Response: 
{
  "customer_id": "uuid",
  "project_id": "uuid",
  "organization_id": "uuid",
  "permissions": ["write"]
}

POST /api/v1/api-keys

Create a new API key for the active project. Request body: 
{
  "name": "CI upload key"
}
Response: 
{
  "api_key": "kv_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "hint": "Store this key now; it will not be shown again."
}
The response returns the raw key once. Store it immediately.

GET /api/v1/api-keys

List API keys for the active project. Response: 
{
  "keys": [
    {
      "id": "uuid",
      "project_id": "uuid",
      "name": "CI upload key",
      "permissions": ["write"],
      "expires_at": "2027-06-15T00:00:00Z",
      "last_used_at": null,
      "created_at": "2026-06-15T00:00:00Z"
    }
  ]
}

DELETE /api/v1/api-keys/{id}

Revoke an API key. Returns 204 No Content on success. 
curl -X DELETE \
  -H "Authorization: Bearer kv_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" \
  https://api.kvcachestore.com/api/v1/api-keys/<KEY_ID>
Revoked keys are rejected immediately.