Admin API

API key management for multi-tenant deployments.

Admin endpoints require an admin API key. Contact [email protected] for access.

POST /admin/api-keys

Create a new API key for a customer.

Request

{
  "customer_id": "string",
  "tier": "pilot|growth|enterprise",
  "description": "string"
}

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| customer_id | string | | Customer identifier |
| tier | string | | Pricing tier |
| description | string | | Key description |

Response

{
  "api_key": "athena_live_abc123...",
  "customer_id": "cust_xyz",
  "tier": "enterprise",
  "rate_limit": 1000,
  "created_at": "2025-12-25T10:00:00Z"
}

Tier Rate Limits

| Tier | Requests/min | Burst |
| --- | --- | --- |
| pilot | 100 | 150 |
| growth | 500 | 750 |
| enterprise | 1000 | 1500 |

Example


GET /admin/api-keys

List all API keys.

Response

Example


DELETE /admin/api-keys/:id

Revoke an API key immediately.

Response

Example


POST /admin/api-keys/:id/rotate

Rotate an API key with grace period.

Response

Grace Period: Old key remains valid for 24 hours to allow seamless migration.

Example


SDK Examples

JavaScript

Python


Best Practices

  1. Rotate keys quarterly — Regular rotation limits exposure if a key is compromised

  2. Use descriptive names — Include environment (prod/staging) in description

  3. Monitor usage — Check request_count_30d and last_used for anomalies

  4. Separate environments — Use different keys for dev/staging/production

  5. Revoke immediately — If a key may be compromised, revoke it right away
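
The checks in practices 1 to 3 can be automated against the key list. The following is an added example, not code from this documentation or its SDKs. It assumes each key record carries `id`, `tier`, `description`, `created_at`, `last_used` (null when never used) and `request_count_30d`; the record shape and all three thresholds are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

ROTATE_AFTER = timedelta(days=90)  # assumption: "quarterly" read as 90 days
STALE_AFTER = timedelta(days=30)   # assumption: idle this long means unused
NEAR_CEILING = 0.8                 # assumption: alert at 80% of the tier maximum
ENVIRONMENTS = {"prod", "production", "staging", "dev"}
TIER_RPM = {"pilot": 100, "growth": 500, "enterprise": 1000}  # tier table above


def parse_ts(value):
    """Parse the ISO 8601 UTC timestamps the API returns."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_key(key, now):
    """Return the list of findings for one key record."""
    findings = []
    if now - parse_ts(key["created_at"]) > ROTATE_AFTER:
        findings.append("rotation overdue")
    last_used = key.get("last_used")
    if last_used is None or now - parse_ts(last_used) > STALE_AFTER:
        findings.append("unused, candidate for revocation")
    words = set(re.findall(r"[a-z]+", key.get("description", "").lower()))
    if not words & ENVIRONMENTS:
        findings.append("description lacks environment")
    # Most requests a key could make in 30 days at its sustained per-minute limit.
    ceiling = TIER_RPM[key["tier"]] * 60 * 24 * 30
    if key.get("request_count_30d", 0) > NEAR_CEILING * ceiling:
        findings.append("usage near tier ceiling")
    return findings


# Constructed sample records, not real API output.
NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)
SAMPLE_KEYS = [
    {"id": "key_1", "tier": "enterprise", "description": "prod ingest",
     "created_at": "2025-12-25T10:00:00Z", "last_used": "2026-03-31T08:00:00Z",
     "request_count_30d": 120000},
    {"id": "key_2", "tier": "pilot", "description": "test key",
     "created_at": "2026-03-01T09:00:00Z", "last_used": None,
     "request_count_30d": 0},
    {"id": "key_3", "tier": "growth", "description": "staging batch",
     "created_at": "2026-03-10T09:00:00Z", "last_used": "2026-03-30T12:00:00Z",
     "request_count_30d": 20000000},
]

if __name__ == "__main__":
    for key in SAMPLE_KEYS:
        print(key["id"], audit_key(key, NOW))
```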


Audit Trail

All admin actions are logged:

| Event | Fields Logged |
| --- | --- |
| api_key.created | Customer ID, tier, admin user |
| api_key.rotated | Key ID, admin user |
| api_key.revoked | Key ID, admin user, reason |

Access audit logs via the Dashboard or contact [email protected].

