API Keys
List and revoke API keys across your organization. These endpoints are intended for security automation — for example, revoking keys belonging to a compromised account.
To create API keys interactively, navigate to the Developer Console at /developer on your Nomic instance.
All API key management endpoints require admin scopes — the API key owner must be an organization admin.
List API keys
GET /api-keys
Returns a paginated list of API keys in the organization.
Scope: admin:api-keys:read · Rate limit: Standard (300 req / min)
Query parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| limit | string | No | Maximum number of results per page. |
| cursor | string | No | Pagination cursor from a previous response's nextCursor. |
| userId | string | No | Filter to keys owned by a specific user ID. |
| includeRevoked | string | No | Set to "true" to include revoked keys. Omit it or set it to "false" to exclude them. |
Response
{
  "data": [
    {
      "id": "019abc12-3456-7890-abcd-ef1234567890",
      "keyPrefix": "npk_abc12",
      "name": "CI/CD Pipeline",
      "scopes": ["developer:parse", "developer:files"],
      "createdAt": "2026-02-01T10:00:00.000Z",
      "lastUsedAt": "2026-04-04T18:30:00.000Z",
      "expiresAt": null,
      "revokedAt": null,
      "user": {
        "id": "019abc12-3456-7890-abcd-ef1234567891",
        "email": "alice@example.com"
      }
    }
  ],
  "nextCursor": "019abc12-3456-7890-abcd-ef1234567899",
  "totalCount": 15
}
| Field | Type | Description |
|---|---|---|
| id | string (uuid) | API key ID. |
| keyPrefix | string | First characters of the key (e.g. npk_abc12). The full key is never returned. |
| name | string | Display name given when the key was created. |
| scopes | string[] | Scopes granted to this key. |
| createdAt | string (ISO 8601) | When the key was created. |
| lastUsedAt | string (ISO 8601) or null | Last time the key was used. |
| expiresAt | string (ISO 8601) or null | Expiration date, or null if the key does not expire. |
| revokedAt | string (ISO 8601) or null | When the key was revoked, or null if active. |
| user | object | Owner of the key (id and email). |
Example
curl "https://<your-domain>.nomic.ai/api/v0/api-keys?includeRevoked=true" \
  -H "Authorization: Bearer $NOMIC_API_KEY"
Revoke an API key
POST /api-keys/{id}/revoke
Permanently revokes an API key. Revoked keys cannot be restored. The action is recorded in the audit log.
Scope: admin:api-keys:write · Rate limit: Write (60 req / min)
Path parameters
| Parameter | Type | Description |
|---|---|---|
| id | string (uuid) | API key ID. |
Request body (optional)
| Field | Type | Description |
|---|---|---|
| reason | string | Reason for revoking (recorded in audit log). |
Response
{
  "success": true,
  "apiKey": {
    "id": "019abc12-3456-7890-abcd-ef1234567890",
    "keyPrefix": "npk_abc12",
    "revokedAt": "2026-04-05T12:00:00.000Z"
  }
}
Errors
| Status | Cause |
|---|---|
| 401 | Missing or invalid API key. |
| 403 | API key lacks admin:api-keys:write scope, or key owner is not an admin. |
| 404 | API key not found. |
| 409 | Key is already revoked. |
Example
curl -X POST "https://<your-domain>.nomic.ai/api/v0/api-keys/019abc12-3456-7890-abcd-ef1234567890/revoke" \
  -H "Authorization: Bearer $NOMIC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "reason": "Rotating credentials" }'
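The compromised-account use case mentioned at the top of this page, as an added Python example that is not part of the Nomic documentation: it pages through a user's active keys with GET /api-keys, then revokes each one with POST /api-keys/{id}/revoke. The function names, the injectable `send` transport, the one-second pause, treating any 2xx status as success, and treating a null or absent nextCursor as the last page are assumptions.

```python
import json
import time
import urllib.error
import urllib.parse
import urllib.request


def http_json(method, url, token, body=None):
    """Send one request; return (HTTP status, parsed JSON body or {})."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


def revoke_user_keys(base_url, token, user_id, reason, send=http_json, pause=1.0):
    """Revoke every active key owned by user_id; return {key id: outcome}."""
    keys, cursor = [], None
    while True:  # collect all pages first so revocations cannot shift the paging
        query = {"userId": user_id, **({"cursor": cursor} if cursor else {})}
        url = f"{base_url}/api-keys?{urllib.parse.urlencode(query)}"
        status, page = send("GET", url, token)
        if not 200 <= status < 300:
            raise RuntimeError(f"listing keys failed with HTTP {status}")
        keys.extend(page["data"])
        cursor = page.get("nextCursor")  # assumed null or absent on the last page
        if not cursor:
            break
    # If the calling key belongs to this user, revoke it last: revoking it
    # earlier would make every later request fail with 401.
    keys.sort(key=lambda k: token.startswith(k["keyPrefix"]))
    outcomes = {}
    for key in keys:
        url = f"{base_url}/api-keys/{key['id']}/revoke"
        status, _ = send("POST", url, token, {"reason": reason})
        if 200 <= status < 300:
            outcomes[key["id"]] = "revoked"
        elif status == 409:  # already revoked, e.g. by another responder
            outcomes[key["id"]] = "already-revoked"
        else:  # 401/403/404: record it and continue with the remaining keys
            outcomes[key["id"]] = f"failed-{status}"
        time.sleep(pause)  # write rate limit is 60 req / min
    return outcomes
```

Call it with `base_url` set to `https://<your-domain>.nomic.ai/api/v0` and an admin key that holds both admin:api-keys:read and admin:api-keys:write.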