Documentation Index Fetch the complete documentation index at: https://devkit4ai.com/docs/llms.txt
Use this file to discover all available pages before exploring further.
Create a new developer key for API authentication with developer-level permissions. Each developer account can maintain up to 10 active keys for different applications, environments, or team members.
The full key value is returned only once in the creation response. Store it securely - it cannot be retrieved later. If you lose the key, you must create a new one and revoke the old key.
Authentication Requires valid JWT token with developer role and an existing active developer key.
Bearer JWT access token obtained from login
Existing active developer key for authentication (format: ak_ + 32 characters)
Must be set to application/json
Request Body Optional descriptive name for the key (max 100 characters). Examples: “Production API”, “Staging Environment”, “CI/CD Pipeline”, “Team Member - John”
Response Unique identifier (UUID) for the newly created developer key
Descriptive name for the key (empty string if not provided)
Full developer key - shown only once! Format: ak_ + 32 URL-safe characters (alphanumeric, hyphen, underscore)
First 8 characters of the key for identification (e.g., ak_abc12)
Key status - always true for newly created keys
ISO 8601 timestamp when the key was created
Example Request curl -X POST https://api.vibecoding.ad/api/v1/auth/developer-keys \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \ -H "X-User-Role: developer" \ -H "X-Developer-Key: ak_existing_key_here_12345678901" \ -H "Content-Type: application/json" \ -d '{ "name": "Production API" }'
Request Without Name curl -X POST https://api.vibecoding.ad/api/v1/auth/developer-keys \ -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." \ -H "X-User-Role: developer" \ -H "X-Developer-Key: ak_existing_key_here_12345678901" \ -H "Content-Type: application/json" \ -d '{}'
Example Response { "id" : "550e8400-e29b-41d4-a716-446655440000" , "name" : "Production API" , "key" : "ak_abc123XYZ-_789def456ghi012jkl345" , "key_prefix" : "ak_abc12" , "is_active" : true , "created_at" : "2025-12-08T10:30:00Z" }
(((REPLACE_THIS_WITH_IMAGE: developer-key-created-success.png: Success message showing newly created developer key with copy button and security warning to store it securely)))
Prefix: ak_ (API Key - provides developer-level access)Structure: ak_ + 32 URL-safe characters (a-z, A-Z, 0-9, hyphen, underscore)Example: ak_abc123XYZ-_789def456ghi012jkl345Total Length: 35 characters (3-char prefix + 32-char random key)Security Properties
Cryptographically Random : Generated using secure random number generatorSHA-256 Hashing : Keys are hashed with SHA-256 before database storagePrefix Identification : Only first 8 characters (key_prefix) stored for UI displayOne-Time Display : Full key returned only in creation responseRevocable : Can be deactivated immediately via DELETE endpoint
Key Limits Each developer account has a maximum limit of 10 active developer keys . If you reach this limit, you must revoke unused keys before creating new ones.
Error When Limit Reached { "detail" : "Maximum number of developer keys (10) reached. Please revoke unused keys." }
Use Cases Environment-Specific Keys Create separate keys for each deployment environment:
interface KeyConfig { name : string ; environment : 'production' | 'staging' | 'development' ; } async function createEnvironmentKey ( config : KeyConfig , jwtToken : string , existingKey : string ) : Promise < string > { const response = await fetch ( 'https://api.vibecoding.ad/api/v1/auth/developer-keys' , { method: 'POST' , headers: { 'Authorization' : `Bearer ${ jwtToken } ` , 'X-User-Role' : 'developer' , 'X-Developer-Key' : existingKey , 'Content-Type' : 'application/json' }, body: JSON . stringify ({ name: ` ${ config . environment . toUpperCase () } - ${ config . name } ` }) } ); const data = await response . json (); // Store securely in environment-specific config console . log ( `Created ${ config . environment } key: ${ data . key_prefix } ` ); console . log ( `IMPORTANT: Save this key securely: ${ data . key } ` ); return data . key ; } // Usage await createEnvironmentKey ( { name: 'API Server' , environment: 'production' }, jwtToken , existingKey );
Team Member Keys Create individual keys for team members:
async function provisionTeamMemberKey ( memberName : string , jwtToken : string , adminKey : string ) { const response = await fetch ( 'https://api.vibecoding.ad/api/v1/auth/developer-keys' , { method: 'POST' , headers: { 'Authorization' : `Bearer ${ jwtToken } ` , 'X-User-Role' : 'developer' , 'X-Developer-Key' : adminKey , 'Content-Type' : 'application/json' }, body: JSON . stringify ({ name: `Team Member - ${ memberName } ` }) } ); const data = await response . json (); // Send key securely to team member (encrypted email, password manager, etc.) return { key: data . key , keyId: data . id , createdAt: data . created_at }; }
Key Rotation Workflow Implement automated key rotation:
async function rotateKey ( oldKeyId : string , keyName : string , jwtToken : string , currentKey : string ) : Promise < string > { // Step 1: Create new key const createResponse = await fetch ( 'https://api.vibecoding.ad/api/v1/auth/developer-keys' , { method: 'POST' , headers: { 'Authorization' : `Bearer ${ jwtToken } ` , 'X-User-Role' : 'developer' , 'X-Developer-Key' : currentKey , 'Content-Type' : 'application/json' }, body: JSON . stringify ({ name: ` ${ keyName } (Rotated)` }) } ); const newKey = await createResponse . json (); // Step 2: Update application configuration with new key await updateApplicationConfig ( newKey . key ); // Step 3: Verify new key works await testKeyAuthentication ( newKey . key ); // Step 4: Revoke old key await fetch ( `https://api.vibecoding.ad/api/v1/auth/developer-keys/ ${ oldKeyId } ` , { method: 'DELETE' , headers: { 'Authorization' : `Bearer ${ jwtToken } ` , 'X-User-Role' : 'developer' , 'X-Developer-Key' : newKey . key // Use new key to revoke old one } } ); console . log ( `Key rotation complete: ${ oldKeyId } → ${ newKey . id } ` ); return newKey . key ; }
Security Best Practices Immediate Storage Required : Copy and securely store the full key immediately after creation. The API will never display the full key again.
Recommended Practices
Secure Storage : Store keys in environment variables, secrets managers (AWS Secrets Manager, HashiCorp Vault), or password managers - never in code repositories
Descriptive Naming : Use clear names indicating purpose and environment (e.g., “Production API v2”, “Staging - Mobile App”)
Regular Rotation : Rotate keys every 90 days or when team members leave
Principle of Least Privilege : Create separate keys for different applications/services rather than sharing one key
Immediate Revocation : Revoke keys immediately if compromised or no longer needed
Audit Trail : Document key creation, distribution, and revocation in your security logs
What NOT to Do ❌ Store keys in code repositories or version control
Error Responses Maximum Keys Reached (400) { "detail" : "Maximum number of developer keys (10) reached. Please revoke unused keys." }
Unauthorized (401) { "detail" : "Could not validate credentials" }
Invalid or missing JWT token.
Forbidden (403) { "detail" : "Insufficient permissions" }
User role is not developer or developer key is invalid/revoked.
Invalid Request Body (422) { "detail" : [ { "loc" : [ "body" , "name" ], "msg" : "ensure this value has at most 100 characters" , "type" : "value_error.any_str.max_length" } ] }
Related Pages
List Developer Keys View all active developer keys
Revoke Developer Key Deactivate keys immediately
Cloud Admin UI Guide Create keys via web interface
Security Practices Key management best practices
The access token received from the authorization server in the OAuth 2.0 flow.
Request payload for creating a new developer key
Maximum string length: 255
Response payload for newly created developer key (includes full key)
created_at
string<date-time>
required
