Operator Api

API keys

Manage operator API keys through the operator API.

API keys

Manage operator API keys used by backend services.

Paths

GET /api/operator/api-keys
POST /api/operator/api-keys
POST /api/operator/api-keys/{id}/revoke

Required scopes

api_keys:read
api_keys:write

Create request

{
  "name": "backend-prod",
  "scopes": ["launch:write", "users:read", "markets:read"]
}

Create response

token is returned once.

{
  "item": {
    "id": 1,
    "name": "backend-prod",
    "key_id": "oak_...",
    "key_prefix": "op_live",
    "scopes": ["launch:write", "users:read", "markets:read"],
    "last4": "abcd",
    "revoked_at": null,
    "created_at": "2026-06-18T00:00:00.000Z",
    "updated_at": "2026-06-18T00:00:00.000Z"
  },
  "token": "op_live_..."
}

List response fields

id
name
key_id
key_prefix
scopes
last4
last_used_at
last_used_ip
last_used_user_agent
revoked_at
created_at
updated_at

Rules

["*"] grants full scope.
Invalid scopes -> 400 INVALID_SCOPES
Empty name -> 400 INVALID_NAME
Unknown revoke target -> 404 NOT_FOUND
Raw token must never be persisted outside secret storage.

Edit this pageorReport an issue

Error codes

Common error codes returned by the operator-facing API surface.

Session

Inspect the current operator API key session context.