Admin API

API key management for multi-tenant deployments.

Admin endpoints require an admin API key. Contact [email protected] for access.

POST /admin/api-keys

Create a new API key for a customer.

Request

{
  "customer_id": "string",
  "tier": "pilot|growth|enterprise",
  "description": "string"
}

Field

Type

Required

Description

customer_id

string

✅

Customer identifier

tier

string

✅

Pricing tier

description

string

❌

Key description

Response

{
  "api_key": "athena_live_abc123...",
  "customer_id": "cust_xyz",
  "tier": "enterprise",
  "rate_limit": 1000,
  "created_at": "2025-12-25T10:00:00Z"
}

Security: The api_key is shown only once. Store it securely before responding to the user.

Tier Rate Limits

Tier

Requests/min

Burst

pilot

100

150

growth

500

750

enterprise

1000

1500

Example

curl -X POST https://api.athenatrust.ai/v1/admin/api-keys \
  -H "Authorization: Bearer YOUR_ADMIN_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "customer_id": "cust_xyz",
    "tier": "enterprise",
    "description": "Production API key"
  }'

GET /admin/api-keys

List all API keys.

Response

{
  "api_keys": [
    {
      "id": "key_123",
      "customer_id": "cust_xyz",
      "tier": "enterprise",
      "description": "Production API key",
      "created_at": "2025-12-25T10:00:00Z",
      "last_used": "2025-12-25T11:00:00Z",
      "request_count_30d": 45678,
      "status": "active"
    }
  ]
}

Example

curl https://api.athenatrust.ai/v1/admin/api-keys \
  -H "Authorization: Bearer YOUR_ADMIN_KEY"

DELETE /admin/api-keys/:id

Revoke an API key immediately.

Response

{
  "revoked": true,
  "revoked_at": "2025-12-25T12:00:00Z"
}

Example

curl -X DELETE https://api.athenatrust.ai/v1/admin/api-keys/key_123 \
  -H "Authorization: Bearer YOUR_ADMIN_KEY"

POST /admin/api-keys/:id/rotate

Rotate an API key with grace period.

Response

{
  "new_api_key": "athena_live_def456...",
  "old_key_valid_until": "2025-12-26T10:00:00Z"
}

Grace Period: Old key remains valid for 24 hours to allow seamless migration.

Example

curl -X POST https://api.athenatrust.ai/v1/admin/api-keys/key_123/rotate \
  -H "Authorization: Bearer YOUR_ADMIN_KEY"

SDK Examples

JavaScript

import { Athena } from '@athena-ai/sdk';

const athena = new Athena({ apiKey: 'YOUR_ADMIN_KEY' });

// Create API key
const newKey = await athena.admin.apiKeys.create({
  customerId: 'cust_xyz',
  tier: 'enterprise',
  description: 'Production key'
});

console.log(`API Key: ${newKey.apiKey}`);

// List all keys
const keys = await athena.admin.apiKeys.list();

// Rotate key
const rotated = await athena.admin.apiKeys.rotate('key_123');
console.log(`New key: ${rotated.newApiKey}`);
console.log(`Old key valid until: ${rotated.oldKeyValidUntil}`);

// Revoke key
await athena.admin.apiKeys.revoke('key_123');

Python

from athena import Athena

athena = Athena(api_key='YOUR_ADMIN_KEY')

# Create API key
new_key = athena.admin.api_keys.create(
    customer_id='cust_xyz',
    tier='enterprise',
    description='Production key'
)

print(f"API Key: {new_key.api_key}")

# List all keys
keys = athena.admin.api_keys.list()

# Rotate key
rotated = athena.admin.api_keys.rotate('key_123')
print(f"New key: {rotated.new_api_key}")
print(f"Old key valid until: {rotated.old_key_valid_until}")

# Revoke key
athena.admin.api_keys.revoke('key_123')

Best Practices

Rotate keys quarterly — Regular rotation limits exposure if a key is compromised
Use descriptive names — Include environment (prod/staging) in description
Monitor usage — Check request_count_30d and last_used for anomalies
Separate environments — Use different keys for dev/staging/production
Revoke immediately — If a key may be compromised, revoke it right away

Audit Trail

All admin actions are logged:

Event

Fields Logged

api_key.created

Customer ID, tier, admin user

api_key.rotated

Key ID, admin user

api_key.revoked

Key ID, admin user, reason

Access audit logs via the Dashboard or contact [email protected].

Next: JavaScript SDK

PreviousSystem Monitoring NextJavaScript SDK

Last updated 1 month ago

Good morning

hashtagPOST /admin/api-keys

hashtagRequest

hashtagResponse

hashtagTier Rate Limits

hashtagExample

hashtagGET /admin/api-keys

hashtagResponse

hashtagExample

hashtagDELETE /admin/api-keys/:id

hashtagResponse

hashtagExample

hashtagPOST /admin/api-keys/:id/rotate

hashtagResponse

hashtagExample

hashtagSDK Examples

hashtagJavaScript

hashtagPython

hashtagBest Practices

hashtagAudit Trail

POST /admin/api-keys

Request

Response

Tier Rate Limits

Example

GET /admin/api-keys

Response

Example

DELETE /admin/api-keys/:id

Response

Example

POST /admin/api-keys/:id/rotate

Response

Example

SDK Examples

JavaScript

Python

Best Practices

Audit Trail