API Keys

List API keys

GET/api/v1/keys

Lists all API keys in the selected organization, visible to every member of it. Secrets are never returned; only a short suffix is shown to help identify each key. Requires an interactive (JWT) session: an API key cannot list keys. Use the X-Organization-Id header to choose the organization; otherwise the caller's default organization is used.

Header parameters

X-Organization-Idstring

Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used.

Returns

objectstringrequired

dataarrayrequired

Show child attributes

idstring · uuidrequired

apiKeySuffixstringrequired

Last few characters of the secret, to help identify the key

namestringnullable

Human-readable label for the key

createdAtstring · date-timerequired

lastUsedAtstring · date-timenullable

When the key was last used; null if never used

Request

curl https://api.mobilenexthq.com/api/v1/keys \
  -X GET \
  -H 'Authorization: Bearer mob_...'

Response

All API keys in the selected organization

{
  "object": "list",
  "data": [
    {
      "id": "string",
      "apiKeySuffix": "a1b",
      "name": "string",
      "createdAt": "2026-01-01T00:00:00Z",
      "lastUsedAt": "2026-01-01T00:00:00Z"
    }
  ]
}

Create an API key

POST/api/v1/keys

Creates a new API key in the selected organization and returns its secret. The full secret is shown only once, in this response; it is never retrievable again.

Requires an interactive (JWT) session: an API key cannot create another API key. Use the X-Organization-Id header to choose which organization the new key belongs to.

Header parameters

X-Organization-Idstring

Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used.

Body parameters

namestringrequired

Human-readable label for the key

Returns

A newly created API key. apiKey is the full secret and is returned only here, only once.

idstring · uuidrequired

apiKeystringrequired

The full secret, starting with mob_. Shown once; store it now.

namestringrequired

createdAtstring · date-timerequired

Request

curl https://api.mobilenexthq.com/api/v1/keys \
  -X POST \
  -H 'Authorization: Bearer mob_...' \
  -H 'Content-Type: application/json' \
  -d '{"name":"CI pipeline"}'

Response

API key created; the full secret is returned once in apiKey

{
  "id": "string",
  "apiKey": "mob_a1b2c3...",
  "name": "string",
  "createdAt": "2026-01-01T00:00:00Z"
}

Delete an API key

DELETE/api/v1/keys/{id}

Permanently deletes an API key in the organization. Any key in the organization can be deleted (not only the caller's own). Requires an interactive (JWT) session: an API key cannot delete keys. Requires a read/write or admin role; read-only members cannot delete keys. Use the X-Organization-Id header to choose the organization; otherwise the caller's default organization is used.

Path parameters

idstring · uuidrequired

API key id

Header parameters

X-Organization-Idstring

Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used.

Request

curl https://api.mobilenexthq.com/api/v1/keys/{id} \
  -X DELETE \
  -H 'Authorization: Bearer mob_...'

Response

API key deleted

// No response body