Module
Keys, scopes, limits — under control.
Give customers their own API keys, control permissions per key and revoke anytime.
The problem
You don't want to build this yourself.
If you sell an API, customers need their own keys — with permissions and the ability to revoke instantly. Florentin manages the whole lifecycle.
- Generate, hash and issue keys securely
- Enforce per-key permissions
- Block compromised keys instantly
Features
What API keys & access does
✓
Customer-owned keysak_… per customer, shown once.
✓
PermissionsgrantedPermissions per key.
✓
Label & typeFreely named, keyType settable.
✓
Masked previewkeyPreview (ak••••last4).
✓
StatusActive or revoked.
✓
RevokeRevoke instantly.
How it works
In three steps
Issue a key
Per customer, with label and permissions.
Save once
The secret (ak_…) is shown only at creation.
Revoke
Set status to revoked — blocked instantly.
In detail
Specifications
EndpointPOST /customers/{id}/api-keys
Felderlabel · keyType · grantedPermissions
Secretak_… · shown once
VorschaukeyPreview (ak••••last4)
Statusactive · revocable
POST /api/v1/customers/{customerId}/api-keys
{
"label": "Production key",
"keyType": "personal",
"grantedPermissions": []
}
← 201 { "uuid": "…", "label": "Production key",
"keyPreview": "ak••••••••a1b2",
"secret": "ak_3f9c2a7b4e1d8c6f0a9b2c5d7e4f1a8b", // einmalig sichtbar
"keyType": "personal", "status": "active" }FAQ
Frequently asked
Can I see the key plaintext again?
No — the plaintext is shown only once at creation, then stored hashed only.
Can the customer rotate keys themselves?
Yes, right in the customer portal.
Build your product. We'll handle the rest.
All integrated — auth, billing, credits, portal, access. Stripe fully included.
Start free →