Orq.ai Documentation - AI Gateway & LLM Collaboration Platform

{ "api_key": { "api_key_id": "<string>", "name": "<string>", "owner": { "user": { "user_id": "<string>" }, "service_account": {} }, "project_scope": { "all": {}, "single": { "project_id": "<string>" } }, "token_prefix": "<string>", "created_at": "2023-11-07T05:31:56Z", "updated_at": "2023-11-07T05:31:56Z", "access": {}, "created_by_id": "<string>", "updated_by_id": "<string>", "last_used_at": "2023-11-07T05:31:56Z", "expires_at": "2023-11-07T05:31:56Z", "legacy_key_id": "<string>" }, "token": "<string>" }

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json

name

string

required

Human-readable name. Required.

owner

object

Owner attribution. Defaults to service_account when omitted.

Show child attributes

project_scope

object

Project authorization scope. Defaults to all-projects when omitted.

Show child attributes

permission_mode

enum<string>

Permission preset. Defaults to PERMISSION_MODE_ALL when omitted.

Available options:

PERMISSION_MODE_UNSPECIFIED,

PERMISSION_MODE_ALL,

PERMISSION_MODE_RESTRICTED,

PERMISSION_MODE_READ_ONLY

access

object

Per-domain access map. Required when permission_mode = PERMISSION_MODE_RESTRICTED. See ApiKey.access for the full catalog of valid keys (Domain.id) and AccessLevel string values, or fetch the live catalog via the capability catalog endpoint.

Show child attributes

expires_at

string<date-time>

Optional expiration. When set, the authenticate hot-path rejects the key once expires_at is in the past. Unset means the key never expires.

Response

200 - application/json

api_key

object

required

Newly minted api-key record.

Show child attributes

token

string

required

Raw bearer token in the form sk-orq-<api_key_id>-<secret>. Returned ONCE; the API never exposes this value again. Clients must persist it immediately on receipt.