API Keys

Base URL: https://api.inboxical.com/v1

Create an API key

POST /inboxes/keys

Creates a new API key for the authenticated user. The raw key is returned once in the response — store it securely.

Request body (optional JSON)

Field	Type	Description
`name`	string	Human-readable label (default: `"Default"`)

Example

curl -X POST https://api.inboxical.com/v1/inboxes/keys \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{ "name": "CI key" }'

Response 201

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "CI key",
  "key": "ixk_live_abc123...",
  "prefix": "ixk_live_abc1",
  "created_at": "2026-03-21T12:00:00Z",
  "message": "Store this key securely — it cannot be retrieved again."
}

Errors

Status	Reason
`403`	API key limit reached for your plan
`429`	Rate limited (max 10 requests per minute)

List API keys

GET /inboxes/keys

Returns all API keys for the authenticated user. Only the key prefix is shown — the full key is never returned after creation.

Example

curl https://api.inboxical.com/v1/inboxes/keys \
  -H "Authorization: Bearer $JWT_TOKEN"

Response 200

{
  "keys": [
    {
      "id": "550e8400-e29b-41d4-a716-446655440000",
      "name": "CI key",
      "key_prefix": "ixk_live_abc1",
      "last_used_at": "2026-03-21T14:30:00Z",
      "created_at": "2026-03-21T12:00:00Z"
    }
  ]
}

Delete an API key

DELETE /inboxes/keys/:keyId

Permanently revokes the API key. Any requests using this key will immediately receive 401 responses.

Example

curl -X DELETE https://api.inboxical.com/v1/inboxes/keys/550e8400-e29b-41d4-a716-446655440000 \
  -H "Authorization: Bearer $JWT_TOKEN"

Response 200

{
  "message": "API key deleted"
}

Errors

Status	Reason
`404`	Key not found or does not belong to you

API key limits by plan

Plan	Max API keys
Free	1
Starter	3
Pro	10
Business	50