API Keys API

Manage API keys for accessing BRDZ services. API keys are required for all API requests and provide authentication for your applications.

Generate SDK API Key (Public)

POST/api/keys/generate-sdk-key

Generate SDK API Key

Generate a new API key for SDK usage. This is a public endpoint that doesn't require authentication - perfect for getting started.

Parameters

provider_namestring

Name of your application or service (default: 'SDK Client')

Request Body

{
  "provider_name": "My Application"
}

Response

200API key generated successfully

{
  "success": true,
  "api_key": "f868a9cdc377916bcc33b93b5035f70b180df048b1d041e94d7f157c1464c4e7",
  "provider_name": "My Application",
  "created_at": "2024-01-15T10:30:00Z"
}

400Invalid request

{
  "success": false,
  "error": "Provider name too long (max 100 characters)"
}

curl -X POST https://api.brdz.link/api/keys/generate-sdk-key \
-H "Content-Type: application/json" \
-d '{"provider_name": "My Application"}'

Create SDK API Key (Authenticated)

POST/api/keys/sdk-key

Create SDK API Key

Create a new API key for authenticated users. This allows you to manage multiple API keys under your account.

Parameters

provider_namestring

Name of your application or service (default: 'SDK Client')

Request Body

{
  "provider_name": "Production App"
}

Response

200API key created successfully

{
  "success": true,
  "api_key": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0e1f2",
  "provider_name": "Production App",
  "user_id": 123,
  "created_at": "2024-01-15T10:30:00Z"
}

401Authentication required

{
  "success": false,
  "error": "Authentication required"
}

curl -X POST https://api.brdz.link/api/keys/sdk-key \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY" \
-d '{"provider_name": "Production App"}'

List API Keys

GET/api/keys/sdk-key

List API Keys

Get all API keys associated with your account. Only shows metadata, not the actual key values.

Response

200API keys retrieved successfully

{
  "success": true,
  "data": [
    {
      "api_key": "f868a9cdc377...e1f2",
      "provider_name": "Production App",
      "created_at": "2024-01-15T10:30:00Z",
      "last_used": "2024-01-15T15:45:00Z",
      "usage_count": 1523
    },
    {
      "api_key": "a1b2c3d4e5f6...d0e1f2",
      "provider_name": "Development",
      "created_at": "2024-01-10T08:20:00Z",
      "last_used": "2024-01-14T12:30:00Z",
      "usage_count": 234
    }
  ]
}

401Authentication required

{
  "success": false,
  "error": "Authentication required"
}

curl -X GET https://api.brdz.link/api/keys/sdk-key \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"

Delete API Key

DELETE/api/keys/sdk-key/{api_key}

Delete API Key

Permanently delete an API key. This action cannot be undone and will immediately invalidate the key.

Parameters

api_keystringrequired

The API key to delete (path parameter)

Response

200API key deleted successfully

{
  "success": true,
  "message": "API key deleted successfully",
  "deleted_key": "f868a9cdc377...e1f2"
}

401Authentication required

{
  "success": false,
  "error": "Authentication required"
}

404API key not found

{
  "success": false,
  "error": "API key not found or not owned by user"
}

curl -X DELETE "https://api.brdz.link/api/keys/sdk-key/f868a9cdc377916bcc33b93b5035f70b180df048b1d041e94d7f157c1464c4e7" \
-H "Authorization: Bearer YOUR_JWT_TOKEN" \
-H "x-api-key: YOUR_API_KEY"

API Key Management Best Practices

Security Guidelines

1. Store Securely: Never commit API keys to version control
2. Environment Variables: Use environment variables for API keys
3. Rotate Regularly: Generate new keys periodically and delete old ones
4. Monitor Usage: Check API key usage in the dashboard
5. Principle of Least Privilege: Use separate keys for different environments

Environment Setup

# .env file
BRDZ_API_KEY=your_api_key_here
BRDZ_JWT_TOKEN=your_jwt_token_here

# React (.env.local)
REACT_APP_BRDZ_API_KEY=your_public_api_key_here

# Node.js
BRDZ_API_KEY=your_api_key_here

Usage in Code

// ✅ Good - Using environment variables
const apiKey = process.env.BRDZ_API_KEY;
const headers = {
  'x-api-key': apiKey,
  'Content-Type': 'application/json'
};

// ❌ Bad - Hardcoded API key
const headers = {
  'x-api-key': 'f868a9cdc377916bcc33b93b5035f70b180df048b1d041e94d7f157c1464c4e7',
  'Content-Type': 'application/json'
};

Key Rotation Workflow

1. Generate new API key with /keys/sdk-key
2. Update applications with new key
3. Test that applications work with new key
4. Delete old API key with /keys/sdk-key/{old_key}
5. Monitor for any failures

---

Getting Started

For quick setup, use the public /keys/generate-sdk-key endpoint. No authentication required!

Security Note

• API keys provide access to your BRDZ account
• Never share API keys publicly
• Delete unused API keys immediately
• Monitor API key usage regularly

Rate Limits

• Key generation: 5 new keys per hour
• Key listing: 100 requests per minute
• Key deletion: 10 deletions per minute