API Key Management

Manage Your API Keys

Introduction

API Keys can be managed via the Skylark API using the following queries:

createApiKey
updateApiKey
deleteApiKey
listApiKeys

API Key Management Permissions

🚧

To manage API keys you must be using a key with the KEY_MANAGEMENT permissions.

It is not permitted to apply updates to the key you are using.

Create API Key

The createApiKey mutation takes the following input:

  • api_key.name: The name of the API key, this name must be unique and contain only letters, numbers and underscores.
  • api_key.permissions: An array of permissions assigned to the key. Values for these permissions are defined in the SkylarkAPIPermission enum.
  • api_key.active: Whether the key is enabled as a boolean value. By default, new keys are always active.
  • api_key.expires: The optional expiry of the key as a ISO formatted date-time string. When this time is reached, the key will be automatically deleted. By default, this value is null, meaning the key will not expire.

📘

Viewing newly created API key

The api_key field returned by the createApiKey mutation is the only time the API key will be returned to you!

If you are generating an API key via the API, be sure to make a note of this value as you won't be able to access it again.

Example API key create mutation:

mutation {
  createApiKey(
    api_key: {
      name: "POWER_USER", 
      permissions: [READ, WRITE, IGNORE_AVAILABILITY, TIME_TRAVEL]
      expires: "2024-12-31T11:59:00Z"
    }) {
    api_key
    name
  }
}

Update API Key

The updateApiKey mutation takes the following input:

  • name: The unique name of the API key being updated
  • api_key.name: The name of the API key, this name must be unique and contain only letters, numbers and underscores.
  • api_key.permissions: An array of permissions assigned to the key. Values for these permissions are defined in the SkylarkAPIPermission enum.
  • api_key.active: Whether the key is enabled as a boolean value. By default, new keys are always active.
  • api_key.expires: The optional expiry of the key as a ISO formatted date-time string. When this time is reached, the key will be automatically deleted. By default, this value is null, meaning the key will not expire.

Example API key update mutation:

mutation {
  updateApiKey(
    name: "POWER_USER", 
    api_key: {
    	active: false
    }
  ) {
    name
    active
  }
}

Delete API Key

The deleteApiKey takes the following input:

  • name: The unique name of the API key being deleted

❗️

This function will fully delete an API key!

Ensure the API key is not being used anywhere before deleting it.

It is advisable to deactivate the key first via the updateApiKey mutation to validate if the key is in active use.

List API Keys

This query can be used to list existing API keys:

query {
  listApiKeys {
    api_key
    name
    expires
    created
    active
  }
}