API Keys
API keys are the authentication tokens for the Machine API. Each key is scoped to a project and associated with a team member role.
Bootstrap
Section titled “Bootstrap”POST /machine/keys/bootstrap
No authentication required. Creates a new project along with the first API key and owner membership.
Request body
Section titled “Request body”{ "projectName": "my-project", "description": "Optional project description"}| Field | Type | Required | Description |
|---|---|---|---|
projectName | string | Yes | Name for the new project |
description | string | No | Project description |
Response 201
Section titled “Response 201”{ "projectId": "a1b2c3d4-...", "apiKeyId": "e5f6g7h8-...", "apiKey": "mk_1a2b3c4d5e6f...", "message": "Store this API key securely — it will not be shown again."}The apiKey is returned once. Store it securely.
Create an API key
Section titled “Create an API key”POST /machine/keys
Roles: owner admin
Generates a new API key for the current project.
Request body
Section titled “Request body”{ "label": "ci-pipeline", "role": "member"}| Field | Type | Default | Description |
|---|---|---|---|
label | string | null | Human-readable label |
role | string | "member" | Role: admin, member, or viewer |
You cannot create a key with the owner role.
Response 201
Section titled “Response 201”{ "apiKeyId": "a1b2c3d4-...", "apiKey": "mk_...", "role": "member", "message": "Store this API key securely — it will not be shown again."}Revoke an API key
Section titled “Revoke an API key”DELETE /machine/keys/:id
Roles: owner admin
Revokes an API key and removes the associated team membership. You cannot revoke your own key. The target key must belong to the same project.
Returns { "success": true } on success.