API Keys

Create, list, retrieve, revoke and delete API keys for programmatic access to FonProxy.

Updated 2026-04-09 16:13:00

For authentication headers, API keys, and common error format see API General.

Authentication via API Key

Endpoints protected by the API Key guard accept the key in two ways:

# Via header
curl https://api.fonproxy.io/some-endpoint \
  -H "x-api-key: fnp_a1b2c3d4e5f6..."
 
# Via query param
curl "https://api.fonproxy.io/some-endpoint?apikey=fnp_a1b2c3d4e5f6..."

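An API key authenticates as the user who created it, and all of that user's permissions and roles apply to requests made with it. Prefer the header form: a key sent as a query parameter is part of the URL, and URLs are routinely written to access logs, proxy logs and shell history.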

API Key Management

Create API Key (Auth required)

POST /api-keys

Create a new API key. The raw key is returned ONLY in this response; store it securely.

The key can also be retrieved later via the Retrieve Key endpoint.

Request Body

Name       Type    Description                                  Required
name       string  Human-readable label for the key             Yes
expiresAt  string  ISO date when the key expires. null = never  No

Response

{
  "apiKey": {
    "id": "k5Xz9qR2Wp",
    "name": "My Script",
    "prefix": "fnp_a1b2",
    "key": "fnp_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef12345678",
    "isActive": true,
    "lastAccessAt": null,
    "expiresAt": "2027-01-01T00:00:00.000Z",
    "createdAt": "2026-03-20T10:00:00.000Z"
  },
  "message": "api_key.created"
}

List API Keys (Auth required)

GET /api-keys

List all API keys for the current user.

key is null for keys created before encryption storage was added.

Response

{
  "apiKeys": [
    {
      "id": "k5Xz9qR2Wp",
      "name": "My Script",
      "prefix": "fnp_a1b2",
      "key": "fnp_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef12345678",
      "isActive": true,
      "lastAccessAt": "2026-03-20T14:30:00.000Z",
      "expiresAt": "2027-01-01T00:00:00.000Z",
      "createdAt": "2026-03-20T10:00:00.000Z"
    },
    ...
  ]
}
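
The following is an added example, not FonProxy code: it audits a parsed GET /api-keys response for active keys worth rotating, revoking or deleting (no expiry, expired or expiring soon, idle or never used). The sample entries, thresholds, finding labels and function names are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the GET /api-keys response above
# ("prefix" and "key" omitted; the audit does not read them).
SAMPLE = {"apiKeys": [
    {"id": "sampleA", "name": "ci", "isActive": True,
     "lastAccessAt": "2026-04-01T08:00:00.000Z",
     "expiresAt": "2026-04-15T00:00:00.000Z", "createdAt": "2026-01-10T10:00:00.000Z"},
    {"id": "sampleB", "name": "old cron", "isActive": True,
     "lastAccessAt": "2025-09-01T00:00:00.000Z",
     "expiresAt": None, "createdAt": "2025-06-01T00:00:00.000Z"},
    {"id": "sampleC", "name": "unused", "isActive": True, "lastAccessAt": None,
     "expiresAt": "2027-01-01T00:00:00.000Z", "createdAt": "2025-11-01T00:00:00.000Z"},
    {"id": "sampleD", "name": "revoked", "isActive": False, "lastAccessAt": None,
     "expiresAt": None, "createdAt": "2025-01-01T00:00:00.000Z"},
    {"id": "sampleE", "name": "healthy", "isActive": True,
     "lastAccessAt": "2026-04-08T00:00:00.000Z",
     "expiresAt": "2027-01-01T00:00:00.000Z", "createdAt": "2026-03-20T10:00:00.000Z"},
]}

def parse_ts(value):
    """Parse the response's ISO timestamps; null (None) stays None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def audit_keys(listing, now, stale_days=90, expiring_days=14):
    """Return {key id: [findings]} for active keys that need attention."""
    findings = {}
    for key in listing["apiKeys"]:
        if not key["isActive"]:
            continue  # revoked keys no longer authenticate
        notes = []
        expires = parse_ts(key["expiresAt"])
        last_used = parse_ts(key["lastAccessAt"])
        if expires is None:
            notes.append("no-expiry")       # null expiresAt = never expires
        elif expires <= now:
            notes.append("expired")         # already rejected as api_key.invalid
        elif expires - now <= timedelta(days=expiring_days):
            notes.append("expiring-soon")   # rotate before clients break
        idle_since = last_used or parse_ts(key["createdAt"])
        if now - idle_since > timedelta(days=stale_days):
            notes.append("stale" if last_used else "never-used")
        if notes:
            findings[key["id"]] = notes
    return findings

NOW = datetime(2026, 4, 9, tzinfo=timezone.utc)  # constructed "current" time
print(audit_keys(SAMPLE, NOW))
```

Keys flagged as stale or never-used are candidates for the Revoke endpoint; a key with no findings is simply absent from the result.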

Retrieve Key (Auth required)

GET /api-keys/:id/key

Retrieve the stored raw key for an existing API key.

key may be null for keys created before this feature was added.

Response

{
  "id": "k5Xz9qR2Wp",
  "key": "fnp_a1b2c3d4e5f6789012345678901234567890abcdef1234567890abcdef12345678"
}

Revoke API Key (Auth required)

PATCH /api-keys/:id/revoke

Revoke (deactivate) an API key. The key stops working immediately.

Response

{ "message": "api_key.revoked" }

Delete API Key (Auth required)

DELETE /api-keys/:id

Permanently delete an API key.

Response

{ "message": "api_key.deleted" }

Error Codes

For the general error format see API General.

Error key              HTTP  Description
api_key.invalid        401   Key is missing, incorrect, revoked, or expired
api_key.not_found      404   Key ID not found or doesn't belong to user
api_key.name_required  400   Name field is empty