sk_live_...) are the primary credential for the
ThunderPhone REST API. They are secret — treat them like a
password. Each key is bound to exactly one organization; when an API
call authenticates with a key, we look up the bound org automatically,
which is why the rest of this reference never asks for an org id in
the URL path.
This page documents the endpoints for creating, listing, and
revoking keys — the same operations the dashboard exposes at
Settings → Keys. You can create your first key from the
dashboard without ever using this API.
Endpoints
| Method | Path | Required role | Description |
|---|---|---|---|
| GET | /v1/developer/api-keys | admin+ | List API keys |
| POST | /v1/developer/api-keys | admin+ | Create a new API key |
| DELETE | /v1/developer/api-keys/{key_id} | admin+ | Revoke an API key |
API key object
| Field | Type | Description |
|---|---|---|
| id | UUID | Public id used by the revoke endpoint |
| name | string | Display label |
| key_prefix | string | First 15 chars of the raw key for UI display (always sk_live_ + 7 hex chars). The full key is NOT returned after creation |
| is_active | boolean | false once the key is revoked |
| created_at | timestamp | |
| last_used_at | timestamp \| null | Updated best-effort on every successful request |
| revoked_at | timestamp \| null | If set, the key is revoked and will no longer authenticate |
List API keys
created_at descending.
Create an API key
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | no | Display label, 1–120 chars. Defaults to "Default key" |
201 Created with the API key object plus
an extra top-level key field containing the raw sk_live_ value:
Revoke an API key
204 No Content. Revoked keys are permanently invalidated —
all future requests using the key return 401 Unauthorized. You
cannot un-revoke; create a new key instead.
You can revoke the key you’re currently using: the revoke call will
succeed, but your next call with that key will fail. To avoid this,
make the revoke call with a different key.
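The rotation order implied above (create the replacement, store its raw value from the one response that contains it, then revoke the old key while authenticating with the new one), as an added example that is not ThunderPhone's own code. `send`, `store` and `FakeApi` are hypothetical names; a JSON-array list response with status 200 and the raw key length used by the fake are assumptions.

```python
import secrets
import uuid

def rotate_key(send, old_key, store, name="rotated key"):
    """Create a replacement, persist it, then revoke old_key using the NEW key.
    send(method, path, api_key, body) -> (status, json) is a hypothetical transport;
    store(raw_key) is the caller's secret store."""
    status, created = send("POST", "/v1/developer/api-keys", old_key, {"name": name})
    if status != 201:
        raise RuntimeError(f"create failed: {status}")
    new_key = created["key"]  # raw value appears only in this response
    store(new_key)            # persist before revoking anything
    # Authenticate with the new key from here on, so the revoke cannot strand us.
    status, keys = send("GET", "/v1/developer/api-keys", new_key, None)
    if status != 200:         # assumed success status for the list call
        raise RuntimeError(f"list failed: {status}")
    # key_prefix is the first 15 chars of the raw key; find the old key's id by it.
    old = [k for k in keys if k["is_active"] and k["id"] != created["id"]
           and k["key_prefix"] == old_key[:15]]
    if len(old) != 1:
        raise RuntimeError("old key not uniquely identified; revoke it manually")
    status, _ = send("DELETE", f"/v1/developer/api-keys/{old[0]['id']}", new_key, None)
    if status != 204:
        raise RuntimeError(f"revoke failed: {status}")
    return created["id"], old[0]["id"]

class FakeApi:
    """Constructed in-memory stand-in for the three endpoints, for offline runs."""
    def __init__(self):
        self.keys = {}  # raw key -> API key object

    def mint(self, name):
        raw = "sk_live_" + secrets.token_hex(16)  # total key length is an assumption
        self.keys[raw] = {"id": str(uuid.uuid4()), "name": name,
                          "key_prefix": raw[:15], "is_active": True}
        return raw

    def send(self, method, path, api_key, body):
        caller = self.keys.get(api_key)
        if caller is None or not caller["is_active"]:
            return 401, None  # unknown or revoked key
        if method == "POST":
            raw = self.mint(body["name"])
            return 201, {**self.keys[raw], "key": raw}
        if method == "GET":
            return 200, [dict(k) for k in self.keys.values()]
        for k in self.keys.values():  # DELETE: mark the target key revoked
            if k["id"] == path.rsplit("/", 1)[-1]:
                k["is_active"] = False
        return 204, None
```

In real use, `send` would be a thin wrapper over your HTTP client that attaches the key as described on the Authentication page.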
Related
Authentication
How sk_live_ keys are attached to requests.
Publishable Keys
Public pk_live_ keys for the widget — different lifecycle.