API Keys Management

Create API Key

Create a new API key. The full key value is returned only in this response.

curl -X POST https://api.nanoterm.dev/api/keys \
  -H 'Authorization: Bearer nt_xxx' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "prod-coding-agent",
    "permission": "execute",
    "expiresInDays": 90
  }'

Request Body:

Field	Type	Required	Default	Description
`name`	string	yes	—	Human-readable name
`permission`	string	no	`execute`	`full`, `execute`, or `read`
`expiresInDays`	number	no	never	Days until expiration (1-365)

Response: 201 Created

{
  "id": "key_a1b2c3d4",
  "orgId": "org_x1y2z3",
  "name": "prod-coding-agent",
  "key": "nt_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0",
  "prefix": "nt_a1b2c3d4e5f6...",
  "permission": "execute",
  "createdAt": "2026-04-06T08:00:00.000Z",
  "expiresAt": "2026-07-05T08:00:00.000Z",
  "lastUsedAt": null,
  "revokedAt": null
}

warning

Copy the key field immediately. It will not be returned in any subsequent API call.

List API Keys

List all keys for the organization. Full key values are never returned.

curl https://api.nanoterm.dev/api/keys \
  -H 'Authorization: Bearer nt_xxx'

Response: 200 OK — Array of ApiKeyInfo (without key field)

Revoke API Key

Permanently revoke a key. It cannot be used for authentication after revocation.

curl -X DELETE https://api.nanoterm.dev/api/keys/key_a1b2c3d4 \
  -H 'Authorization: Bearer nt_xxx'

Response: 200 OK — The key info with revokedAt set

Create API Key​

List API Keys​

Revoke API Key​

Create API Key

List API Keys

Revoke API Key