API Keys
Create, list, and revoke API keys for SDK authentication.
API Keys
API keys authenticate the Checkrd SDK when sending telemetry and receiving control signals. Keys use a ck_live_ or ck_test_ prefix.
The API Key Object
json
{
"id": "01916b00-1234-5678-9abc-def012345678",
"org_id": "01916a3e-0000-0000-0000-000000000000",
"name": "production",
"description": "Used by the sales-agent SDK in prod",
"key_prefix": "ck_live_abc1",
"permissions": { "read": true, "write": true, "admin": false },
"last_used_at": "2026-04-12T09:15:00Z",
"expires_at": null,
"revoked_at": null,
"created_at": "2026-04-10T14:30:00Z"
}| Field | Type | Description |
|---|---|---|
id | UUID | Unique identifier. |
name | string | Display name. |
key_prefix | string | First characters of the key. The full key is only shown at creation. |
permissions | object | read, write, admin booleans. |
last_used_at | ISO 8601 or null | Last time the key was used to authenticate. |
expires_at | ISO 8601 or null | Expiration date, or null for no expiration. |
revoked_at | ISO 8601 or null | Revocation date, or null if active. |
Create an API Key
POST /v1/keysAuth: JWT (admin+)
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Display name for the key. |
description | string | No | Optional description. |
permissions | object | No | { read, write, admin } booleans. Defaults to read + write. |
expires_at | ISO 8601 | No | Expiration date. Omit for no expiration. |
bash
curl -X POST https://api.checkrd.io/v1/keys \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "production", "description": "Sales agent SDK"}'Response 201 Created
json
{
"id": "01916b00-1234-5678-9abc-def012345678",
"name": "production",
"key": "ck_live_abc123def456ghi789jkl012mno345",
"key_prefix": "ck_live_abc1"
}Store the key now
The key field contains the full API key and is only returned once. It cannot
be retrieved again. Copy it immediately.
Subject to plan tier key limits (Free: 2, Team: 20, Enterprise: unlimited).
List API Keys
GET /v1/keysAuth: JWT (viewer+)
| Parameter | Type | Required | Description |
|---|---|---|---|
limit | integer | No | Results per page (default 20, max 100). |
cursor | UUID | No | Pagination cursor. |
bash
curl https://api.checkrd.io/v1/keys \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Response 200 OK -- Paginated list. The full key value is never included in list responses.
Revoke an API Key
DELETE /v1/keys/:key_idAuth: JWT (admin+)
bash
curl -X DELETE https://api.checkrd.io/v1/keys/01916b00-1234-... \
-H "Authorization: Bearer YOUR_JWT_TOKEN"Response 200 OK
json
{ "success": true }Revoked keys are immediately rejected on all subsequent requests. Any agents using this key will lose access.