API Keys

Create, list and revoke API keys used to authenticate requests to the HookSentry ingest endpoint.

Create API Key

POST /api/v1/apikeys

Generates a new API key for the authenticated tenant. The key must be sent in the X-Api-Key header on requests to the ingest endpoint.

Auth: Bearer token

Body

FieldTypeRequiredDescription
namestringYesDescriptive key name — max 100 characters

Key value shown only once:

The plain text key value is returned only in this response — store it securely, it cannot be retrieved again.

var request = new HttpRequestMessage(HttpMethod.Post, "https://api.hooksentry.com/api/v1/apikeys")
{
    Content = JsonContent.Create(new { name = "Production Key" })
};
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 201 Created — key created successfully, contains the plain text value
  • 400 Bad Request — invalid name
  • 401 Unauthorized — missing or invalid token
  • 404 Not Found — tenant not found
{
  "id": "1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
  "name": "Production Key",
  "key": "hks_5f8a3b2c1d9e4f6a7b8c9d0e1f2a3b4c",
  "createdAt": "2026-07-03T14:32:00.000Z"
}

Get API Keys

GET /api/v1/apikeys

Returns a page of API keys belonging to the authenticated tenant. See Pagination & Filtering for the shared query parameters.

Auth: Bearer token

Filters (optional)

ParameterTypeDescription
IsActivebooleantrue for active, false for revoked
var request = new HttpRequestMessage(HttpMethod.Get,
    "https://api.hooksentry.com/api/v1/apikeys?Qt=10&Pg=1&CpOrd=id&TpOrd=Desc");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 200 OK — paginated list of API keys
  • 401 Unauthorized — missing or invalid token
{
  "total": 1,
  "items": [
    {
      "id": "1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
      "name": "Production Key",
      "isActive": true,
      "createdAt": "2026-07-03T14:32:00.000Z",
      "revokedAt": null
    }
  ]
}

Revoke API Key

DELETE /api/v1/apikeys/{id}

Immediately revokes the key. It is invalidated in the Redis cache and can no longer authenticate ingest requests.

Auth: Bearer token

Path parameters

ParameterTypeDescription
idUUIDUUID of the API key to revoke
var request = new HttpRequestMessage(HttpMethod.Delete, $"https://api.hooksentry.com/api/v1/apikeys/{apiKeyId}");
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);

using var client = new HttpClient();
var response = await client.SendAsync(request);

Return codes

  • 200 OK — key revoked successfully
  • 401 Unauthorized — missing or invalid token
  • 403 Forbidden — key belongs to another tenant
  • 404 Not Found — key not found or already revoked
{
  "id": "1a2b3c4d-5e6f-4a7b-8c9d-0e1f2a3b4c5d",
  "name": "Production Key",
  "isActive": false,
  "createdAt": "2026-07-03T14:32:00.000Z",
  "revokedAt": "2026-07-03T16:00:00.000Z"
}