Dev API Keys
Dev API keys are project-scoped credentials used by the SkyState SDK during local development. They allow the SDK to write configuration to the development environment without requiring the user to complete an interactive GitHub OAuth login.
Key properties:
- Scoped to a single project
- Can only write to the
developmentenvironment (enforced server-side) - The plaintext key is only returned once at creation time; the server stores only a SHA-256 hash
- Keys can be revoked without deleting them (soft-revocation via
revokedAttimestamp)
Object: DevApiKey (list view)
{
"devApiKeyId": "550e8400-e29b-41d4-a716-446655440000",
"projectId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"name": "laptop-dev",
"keyPrefix": "sk_dev_abc1",
"createdAt": "2025-01-15T10:30:00.000Z",
"lastUsedAt": "2025-01-20T08:00:00.000Z",
"revokedAt": null
}| Field | Type | Description |
|---|---|---|
devApiKeyId | UUID | Unique key ID |
projectId | UUID | Project this key is scoped to |
name | string | Human-readable label for the key |
keyPrefix | string | First few characters of the plaintext key (for identification) |
createdAt | ISO 8601 datetime | When the key was created |
lastUsedAt | ISO 8601 datetime or null | Last time the key was used to authenticate |
revokedAt | ISO 8601 datetime or null | When the key was revoked; null means still active |
Create Dev API Key
Generates a new dev API key for the specified project. The full plaintext key is returned in the response body and is shown only once.
POST /api/admin/projects/{projectId}/dev-keysAuth: Authorization: Bearer <token>
Path parameters:
| Parameter | Type | Description |
|---|---|---|
projectId | UUID | Project to create the key for |
Request body:
{
"name": "laptop-dev"
}| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | A label to identify this key (e.g. the machine name) |
Response: 200 OK
{
"devApiKeyId": "550e8400-e29b-41d4-a716-446655440000",
"projectId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"name": "laptop-dev",
"keyPrefix": "sk_dev_abc1",
"createdAt": "2025-01-15T10:30:00.000Z",
"key": "sk_dev_abc123xyz..."
}| Field | Type | Description |
|---|---|---|
devApiKeyId | UUID | Unique key ID |
projectId | UUID | Project the key is scoped to |
name | string | Key label |
keyPrefix | string | First few characters of the key (for identification in list views) |
createdAt | ISO 8601 datetime | Creation timestamp |
key | string | The full plaintext key — store this securely, it is not retrievable again |
Responses:
| Status | Description |
|---|---|
200 | Key created — plaintext key in response body |
404 | Project not found |
500 | Unexpected error |
Important: Copy and store the key value immediately. The server discards the plaintext key after responding; subsequent list calls return only the keyPrefix for identification.
Example:
curl -X POST https://app.skystate.io/api/admin/projects/7c9e6679-7425-40de-944b-e07fc1f90ae7/dev-keys \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d '{"name":"laptop-dev"}'List Dev API Keys
Returns all dev API keys for a project, including revoked keys.
GET /api/admin/projects/{projectId}/dev-keysAuth: Authorization: Bearer <token>
Path parameters:
| Parameter | Type | Description |
|---|---|---|
projectId | UUID | Project ID |
Response: 200 OK — array of DevApiKeyListItem objects.
[
{
"devApiKeyId": "550e8400-e29b-41d4-a716-446655440000",
"projectId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"name": "laptop-dev",
"keyPrefix": "sk_dev_abc1",
"createdAt": "2025-01-15T10:30:00.000Z",
"lastUsedAt": "2025-01-20T08:00:00.000Z",
"revokedAt": null
}
]Responses:
| Status | Description |
|---|---|
200 | Returns array of key list items |
404 | Project not found |
Example:
curl https://app.skystate.io/api/admin/projects/7c9e6679-7425-40de-944b-e07fc1f90ae7/dev-keys \
-H "Authorization: Bearer <token>"Revoke Dev API Key
Marks a dev API key as revoked. The key immediately stops authenticating. Revocation is permanent — revoked keys cannot be re-activated.
DELETE /api/admin/dev-keys/{devApiKeyId}Auth: Authorization: Bearer <token>
Path parameters:
| Parameter | Type | Description |
|---|---|---|
devApiKeyId | UUID | The key ID to revoke |
Responses:
| Status | Description |
|---|---|
204 | Revoked |
404 | Key not found |
Example:
curl -X DELETE https://app.skystate.io/api/admin/dev-keys/550e8400-e29b-41d4-a716-446655440000 \
-H "Authorization: Bearer <token>"Using a Dev API Key
Pass the key in the Authorization header with the DevKey prefix:
Authorization: DevKey sk_dev_abc123...Dev keys are only valid on the PATCH /api/dev/{accountSlug}/{projectSlug}/config/development endpoint. Attempting to use a dev key on admin endpoints, or targeting any environment other than development, returns 403 Forbidden.
See Config — Dev Config Endpoint for the full endpoint documentation.