API Keys

Create and manage knowledge-base credentials.

All endpoints require the dashboard X-Clerk-User-Id header.

Create API key

POST/kbs/{kb_id}/api-keys

curl

curl -X POST https://api.docubix.com/kbs/{kb_id}/api-keys -H "X-Clerk-User-Id: your_clerk_user_id" \
  -H "Content-Type: application/json" \
  -d '{"name": "Production", "environment": "live"}'

json

{
  "id": "...",
  "name": "Production",
  "api_key": "rag_live_..."
}

The full api_key is returned once at creation. Store it immediately.

List API keys

GET/kbs/{kb_id}/api-keys

Returns key metadata including prefix, active status, and last used time — not the secret value.

Revoke API key

PATCH/api-keys/{key_id}/revoke

Deactivates the key. Existing integrations stop working.

json

{
  "success": true
}

Delete API key

DELETE/api-keys/{key_id}

Security best practices

Never expose keys in frontend code or client-side bundles.
Store keys in server environment variables.
Revoke keys immediately if compromised.
Use separate keys per environment or application.
Rotate keys periodically for production workloads.