​

API Keys, Usage, and Billing Helpers

​

Endpoints

​

API key lifecycle

• GET /api/workspaces/:workspaceId/api-keys
• POST /api/workspaces/:workspaceId/api-keys
• PUT /api/workspaces/:workspaceId/api-keys/:keyId
• DELETE /api/workspaces/:workspaceId/api-keys/:keyId

​

Workspace helper reads

• GET /api/workspaces/:workspaceId/usage
• GET /api/workspaces/:workspaceId/billing

​

Auth, scopes, and feature gates

• API-key lifecycle routes are session-only and reject API-key auth.
• Permission family:
  • api_keys:read, api_keys:create, api_keys:update, api_keys:delete
• API key creation/update/delete require API-access entitlement (apiAccess feature).
• Helper reads require billing:read.

​

Create API key payload

{
  "name": "CI integration",
  "scopes": ["links:read", "links:create"],
  "rateLimit": 1200,
  "expiresAt": "2026-12-31T23:59:59.000Z"
}

• name is required.
• scopes defaults to link CRUD scopes if omitted.
• Invalid scopes return INVALID_SCOPES.
• rateLimit is clamped to 100..10000.
• expiresAt must be valid ISO date string if provided.
• Plan limits are enforced before creation.
• Concurrent create requests can return 409 CONCURRENT_REQUEST.

• Plain API key value is returned only on creation.

​

Update API key payload

{
  "name": "CI integration (rotated)",
  "enabled": true,
  "rateLimit": 2000
}

• name
• enabled
• rateLimit

​

Usage helper response shape

• usage: links, rules, domains, campaigns, pixels, apiKeys, clicks
• limits: current plan limits
• credits: balance/included/used cycle micros
• plan: plan tier

​

Billing helper response shape

​

Common errors

• 400: invalid name/scopes/rateLimit/expiresAt
• 403: missing permission or feature gate, plan limit exceeded
• 404: API key/workspace not found
• 409: concurrent create lock or state conflict