API keys

Give external agents scoped, revocable access.

API keys remain available for legacy and headless integrations. New interactive agents should use device authorization so operators do not need to copy a permanent key.

Create

Generate a key from Settings or the API.

The returned secret is shown once. Vera stores only a hash plus display metadata.

Create API key
$ curl -X POST https://api-vera.symph.ai/v1/api-keys \
>   -H "Authorization: Bearer vwk_live_..." \
>   -H "Content-Type: application/json" \
>   -d '{
>     "name": "Production agent",
>     "scopes": ["api"]
>   }'

List

Inspect active and retired key metadata.

Key metadata is safe for settings and audit surfaces. The secret itself is never returned again after creation.

List API keys
$ curl https://api-vera.symph.ai/v1/api-keys \
>   -H "Authorization: Bearer vwk_live_..."

Manage

Revoke or delete retired keys.

Revoke a key to disable access immediately. Delete the record when it no longer needs to appear in settings.

Revoke key
$ curl -X POST https://api-vera.symph.ai/v1/api-keys/key_01hx7g2n8w:revoke \
>   -H "Authorization: Bearer vwk_live_..."

$ curl -X DELETE https://api-vera.symph.ai/v1/api-keys/key_01hx7g2n8w \
>   -H "Authorization: Bearer vwk_live_..."