API Keys
Create and manage API keys for programmatic access
Key Format
All API keys use the sk- prefix followed by a random 32-character string. The full key is returned once on creation and never stored in plain text — Vrex stores only a SHA-256 hash. If you lose a key, revoke it and create a new one.
Endpoints
GET
/api/v1/api-keysList all API keys for the authenticated account. The raw key value is never returned.
200OK
{
"data": [
{
"id": "key_01jk2m3n4p",
"name": "My App",
"prefix": "sk-a1b2c3",
"last_used_at": "2026-01-14T08:22:11Z",
"expires_at": null,
"created_at": "2026-01-01T00:00:00Z"
}
]
}POST
/api/v1/api-keysCreate a new API key. The full key string is only included in this response — save it immediately.
Request body
| Name | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | Required | — | Human-readable label for the key (1–100 characters). |
| expires_at | string | Optional | null | ISO 8601 expiry timestamp. Omit for a non-expiring key. |
201Created
{
"id": "key_01jk2m3n4p",
"name": "My App",
"prefix": "sk-a1b2c3",
"key": "sk-a1b2c3xxxxxxxxxxxxxxxxxxxxxxxx",
"expires_at": null,
"created_at": "2026-01-15T10:00:00Z"
}DELETE
/api/v1/api-keys/:idPermanently revoke an API key. Any requests using this key will be rejected immediately.
204No Content — key revoked
Create Key Example
curl -X POST https://getvrex.com/api/v1/api-keys \
-H "Authorization: Bearer sk-your-api-key" \
-H "Content-Type: application/json" \
-d '{"name": "My App"}'