Projects & API Keys
POST /projects
Creates a new project and generates its first API key.
No authentication required — this is the bootstrap endpoint.
Request
POST /projects
Content-Type: application/jsonjson
{ "name": "my-project" }name: 1–100 characters
Response — 201 Created
json
{
"success": true,
"data": {
"project": {
"id": "550e8400-e29b-41d4-a716-446655440000",
"name": "my-project",
"created_at": "2026-03-03T12:00:00.000Z",
"updated_at": "2026-03-03T12:00:00.000Z"
},
"apiKey": "sk_a1b2c3d4e5f6..."
},
"error": null,
"meta": { "timestamp": "2026-03-03T12:00:00.000Z" }
}Store the key immediately
apiKey is returned once only. It is never stored in plaintext. If lost, revoke it and create a new project or additional key.
DELETE /projects/:projectId/keys/:keyId
Revokes an API key. The key is immediately invalidated in both KV and D1.
Authentication required — only the owning project's key can revoke its own keys.
Request
DELETE /projects/550e8400-.../keys/key-id-here
Authorization: Bearer sk_...Response — 200 OK
json
{
"success": true,
"data": { "revoked": true },
"error": null,
"meta": { "timestamp": "2026-03-03T12:00:00.000Z" }
}Response — 404 Not Found
json
{
"success": false,
"data": null,
"error": { "code": "NOT_FOUND", "message": "API key not found" },
"meta": { "timestamp": "..." }
}Response — 403 Forbidden
Returned if the authenticated project does not own the key being revoked.
json
{
"success": false,
"data": null,
"error": { "code": "UNAUTHORIZED", "message": "Key does not belong to this project" },
"meta": { "timestamp": "..." }
}