> ## Documentation Index
> Fetch the complete documentation index at: https://docs.withgiga.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys

> Create, list, and revoke API keys

# API Keys

API keys authenticate your requests to `api.withgiga.ai`. Keys begin with `giga_sk_` followed by 32 hex characters. They are workspace-scoped and rotatable without downtime.

<Warning>
  API keys are shown in full only once at creation. Store them securely — in an environment variable or secrets manager, never in source control.
</Warning>

***

## Create a key

`POST /api/keys`

**Body**

```json theme={null}
{
  "name": "Production backend"
}
```

| Field  | Type   | Description                  |
| ------ | ------ | ---------------------------- |
| `name` | string | A label to identify this key |

**Response (201)**

```json theme={null}
{
  "success": true,
  "data": {
    "key": {
      "id": "key_abc123",
      "name": "Production backend",
      "secret": "giga_sk_a1b2c3d4e5f6...",
      "createdAt": "2024-03-16T12:00:00.000Z"
    }
  }
}
```

<Note>
  The `secret` field is returned only on creation. You cannot retrieve it again — if lost, revoke the key and create a new one.
</Note>

***

## List keys

`GET /api/keys`

**Response (200)**

```json theme={null}
{
  "success": true,
  "data": {
    "keys": [
      {
        "id": "key_abc123",
        "name": "Production backend",
        "lastUsedAt": "2024-03-16T12:00:00.000Z",
        "createdAt": "2024-03-16T12:00:00.000Z"
      }
    ]
  }
}
```

Note that `secret` is not returned in list responses — only metadata.

***

## Revoke a key

Immediately invalidates the key. Any in-flight requests using this key will fail.

`DELETE /api/keys/{id}`

**Response (200)**

```json theme={null}
{
  "success": true,
  "message": "API key revoked"
}
```

***

## Key rotation

To rotate a key with zero downtime:

1. Create a new key via `POST /api/keys`
2. Update your application to use the new key
3. Verify the new key is working
4. Revoke the old key via `DELETE /api/keys/{id}`
