Cloud

API keys

API keys authenticate database and control-plane requests.

Overview

Hosted application traffic should use database-scoped keys.

Keys are shown once and stored hashed at rest.

Database-scoped keys pin SQL and capability calls to a runtime branch and reject branch overrides.

For production-hardened environments, key creation can require expires_at as Unix epoch seconds so stale application credentials fail closed.

Developer notes

Rotate keys when a developer or deployment is offboarded.
Use one key per app environment.
Prefer database-scoped keys over project-wide keys.
Set an expiration for production keys and rotate before expires_at.
Never put API keys in browser code.

Create key

REST

POST /v1/control/api-keys
Authorization: Bearer <account-session-token>
Content-Type: application/json

{
  "project_id": "acme-support",
  "database_id": "db_acme_support_001",
  "name": "prod-server",
  "role": "developer",
  "expires_at": 1798761600
}

Examples

bash

# SYNAPSOR_API_KEY is the one-time key value copied when the key was created.
curl -fsS https://synapsor.ai/v1/control/auth/validate \
  -H "Content-Type: application/json" \
  --data '{"api_key":"'"$SYNAPSOR_API_KEY"'"}'