API Keys

Manage API keys

List API keys

get

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Responses

200

List of API keys (keys are masked)

application/json

idstring · uuidOptional

namestringOptionalExample: Production API Key

key_prefixstringOptional

First 12 characters of the key

Example: kros_live_abc1

allowed_ipsstring[]OptionalExample: ["192.168.1.0/24"]

requests_24hintegerOptionalExample: 1250

requests_30dintegerOptionalExample: 35000

expires_atstring · date-time · nullableOptional

last_used_atstring · date-time · nullableOptional

revoked_atstring · date-time · nullableOptional

organization_idstring · uuidOptional

created_atstring · date-timeOptional

401

Unauthorized - Invalid or missing API key

application/json

get

/api-keys

GET /v1/api-keys HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

[
  {
    "id": "990e8400-e29b-41d4-a716-446655440004",
    "name": "Production API Key",
    "key_prefix": "kros_live_abc1",
    "scopes": [
      "calls:read",
      "calls:write",
      "numbers:read"
    ],
    "requests_24h": 1250,
    "requests_30d": 35000,
    "created_at": "2024-01-01T00:00:00Z",
    "last_used_at": "2024-01-15T10:30:00Z"
  }
]

Create API key

post

Creates a new API key. The full key is only returned once in this response and cannot be retrieved again.

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Body

namestring · max: 100Required

allowed_ipsstring[]Optional

IP addresses or CIDR ranges allowed to use this key

expires_atstring · date-time · nullableOptional

Responses

201

API key created

application/json

400

Bad request - Invalid parameters or request body

application/json

401

Unauthorized - Invalid or missing API key

application/json

post

/api-keys

POST /v1/api-keys HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 163

{
  "name": "Backend Integration",
  "scopes": [
    "calls:read",
    "calls:write",
    "numbers:read"
  ],
  "allowed_ips": [
    "192.168.1.0/24",
    "10.0.0.1"
  ],
  "expires_at": "2025-01-01T00:00:00Z"
}

{
  "id": "990e8400-e29b-41d4-a716-446655440004",
  "name": "Backend Integration",
  "key_prefix": "kros_live_xyz9",
  "full_key": "kros_live_xyz9abcdef1234567890abcdef",
  "scopes": [
    "calls:read",
    "calls:write",
    "numbers:read"
  ],
  "created_at": "2024-01-15T10:30:00Z"
}

Get API key details

get

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Path parameters

idstring · uuidRequired

API key UUID

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Responses

200

API key details (key is masked)

application/json

idstring · uuidOptional

namestringOptionalExample: Production API Key

key_prefixstringOptional

First 12 characters of the key

Example: kros_live_abc1

allowed_ipsstring[]OptionalExample: ["192.168.1.0/24"]

requests_24hintegerOptionalExample: 1250

requests_30dintegerOptionalExample: 35000

expires_atstring · date-time · nullableOptional

last_used_atstring · date-time · nullableOptional

revoked_atstring · date-time · nullableOptional

organization_idstring · uuidOptional

created_atstring · date-timeOptional

404

Resource not found

application/json

get

/api-keys/{id}

GET /v1/api-keys/{id} HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Production API Key",
  "key_prefix": "kros_live_abc1",
  "scopes": [
    "calls:read"
  ],
  "allowed_ips": [
    "192.168.1.0/24"
  ],
  "requests_24h": 1250,
  "requests_30d": 35000,
  "expires_at": "2026-03-20T13:52:21.943Z",
  "last_used_at": "2026-03-20T13:52:21.943Z",
  "revoked_at": "2026-03-20T13:52:21.943Z",
  "organization_id": "123e4567-e89b-12d3-a456-426614174000",
  "created_at": "2026-03-20T13:52:21.943Z"
}

Revoke API key

delete

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Path parameters

idstring · uuidRequired

API key UUID

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Responses

204

API key revoked

404

Resource not found

application/json

delete

/api-keys/{id}

DELETE /v1/api-keys/{id} HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

No content

Update API key

patch

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Path parameters

idstring · uuidRequired

API key UUID

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Body

namestring · max: 100Optional

scopesstring[]Optional

allowed_ipsstring[]Optional

expires_atstring · date-time · nullableOptional

statusstring · enumOptionalPossible values:

Responses

200

API key updated

application/json

idstring · uuidOptional

namestringOptionalExample: Production API Key

key_prefixstringOptional

First 12 characters of the key

Example: kros_live_abc1

allowed_ipsstring[]OptionalExample: ["192.168.1.0/24"]

requests_24hintegerOptionalExample: 1250

requests_30dintegerOptionalExample: 35000

expires_atstring · date-time · nullableOptional

last_used_atstring · date-time · nullableOptional

revoked_atstring · date-time · nullableOptional

organization_idstring · uuidOptional

created_atstring · date-timeOptional

400

Bad request - Invalid parameters or request body

application/json

404

Resource not found

application/json

patch

/api-keys/{id}

PATCH /v1/api-keys/{id} HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 83

{
  "name": "Updated Key Name",
  "scopes": [
    "calls:read",
    "numbers:read",
    "analytics:read"
  ]
}

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Production API Key",
  "key_prefix": "kros_live_abc1",
  "scopes": [
    "calls:read"
  ],
  "allowed_ips": [
    "192.168.1.0/24"
  ],
  "requests_24h": 1250,
  "requests_30d": 35000,
  "expires_at": "2026-03-20T13:52:21.943Z",
  "last_used_at": "2026-03-20T13:52:21.943Z",
  "revoked_at": "2026-03-20T13:52:21.943Z",
  "organization_id": "123e4567-e89b-12d3-a456-426614174000",
  "created_at": "2026-03-20T13:52:21.943Z"
}

Regenerate API key

post

Regenerates the API key, invalidating the old one. The new full key is only returned once.

Authorizations

AuthorizationstringRequired

API key in format kros_live_xxxx for production or kros_test_xxxx for testing. Also accepts JWT tokens from Supabase Auth for dashboard sessions.

Alternative: You can also use the x-api-key header instead of Authorization Bearer.

Path parameters

idstring · uuidRequired

API key UUID

Header parameters

x-organization-idstring · uuidOptional

Organization UUID for multi-tenant context. Falls back to user's first organization if not provided.

Responses

200

API key regenerated

application/json

idstring · uuidOptional

namestringOptionalExample: Production API Key

key_prefixstringOptional

First 12 characters of the key

Example: kros_live_abc1

allowed_ipsstring[]OptionalExample: ["192.168.1.0/24"]

requests_24hintegerOptionalExample: 1250

requests_30dintegerOptionalExample: 35000

expires_atstring · date-time · nullableOptional

last_used_atstring · date-time · nullableOptional

revoked_atstring · date-time · nullableOptional

organization_idstring · uuidOptional

created_atstring · date-timeOptional

full_keystringOptional

The new full API key (only shown once)

404

Resource not found

application/json

post

/api-keys/{id}/regenerate

POST /v1/api-keys/{id}/regenerate HTTP/1.1
Host: api.krosai.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Production API Key",
  "key_prefix": "kros_live_abc1",
  "scopes": [
    "calls:read"
  ],
  "allowed_ips": [
    "192.168.1.0/24"
  ],
  "requests_24h": 1250,
  "requests_30d": 35000,
  "expires_at": "2026-03-20T13:52:21.943Z",
  "last_used_at": "2026-03-20T13:52:21.943Z",
  "revoked_at": "2026-03-20T13:52:21.943Z",
  "organization_id": "123e4567-e89b-12d3-a456-426614174000",
  "created_at": "2026-03-20T13:52:21.943Z",
  "full_key": "text"
}

PreviousOutbound Calls NextWebhooks

Last updated 18 days ago

Good afternoon

hashtagList API keys

hashtagCreate API key

hashtagGet API key details

hashtagRevoke API key

hashtagUpdate API key

hashtagRegenerate API key

List API keys

Create API key

Get API key details

Revoke API key

Update API key

Regenerate API key