# API Keys ## List API keys[​](#list-api-keys "Direct link to List API keys") GET/api/v1/keys Lists all API keys in the selected organization, visible to every member of it. Secrets are never returned; only a short suffix is shown to help identify each key. Requires an interactive (JWT) session: an API key cannot list keys. Use the X-Organization-Id header to choose the organization; otherwise the caller's default organization is used. Header parameters `X-Organization-Id`string Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used. Returns `object`stringrequired `data`arrayrequired Show child attributes `id`string · uuidrequired `apiKeySuffix`stringrequired Last few characters of the secret, to help identify the key `name`stringnullable Human-readable label for the key `createdAt`string · date-timerequired `lastUsedAt`string · date-timenullable When the key was last used; null if never used Request ``` curl https://api.mobilenexthq.com/api/v1/keys \ -X GET \ -H 'Authorization: Bearer mob_...' ``` Response 200401403 All API keys in the selected organization ``` { "object": "list", "data": [ { "id": "string", "apiKeySuffix": "a1b", "name": "string", "createdAt": "2026-01-01T00:00:00Z", "lastUsedAt": "2026-01-01T00:00:00Z" } ] } ``` ## Create an API key[​](#create-api-key "Direct link to Create an API key") POST/api/v1/keys Creates a new API key in the selected organization and returns its secret. The full secret is shown only once, in this response; it is never retrievable again. Requires an interactive (JWT) session: an API key cannot create another API key. Use the X-Organization-Id header to choose which organization the new key belongs to. Header parameters `X-Organization-Id`string Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used. Body parameters `name`stringrequired Human-readable label for the key Returns A newly created API key. apiKey is the full secret and is returned only here, only once. `id`string · uuidrequired `apiKey`stringrequired The full secret, starting with mob\_. Shown once; store it now. `name`stringrequired `createdAt`string · date-timerequired Request ``` curl https://api.mobilenexthq.com/api/v1/keys \ -X POST \ -H 'Authorization: Bearer mob_...' \ -H 'Content-Type: application/json' \ -d '{"name":"CI pipeline"}' ``` Response 201400401403 API key created; the full secret is returned once in apiKey ``` { "id": "string", "apiKey": "mob_a1b2c3...", "name": "string", "createdAt": "2026-01-01T00:00:00Z" } ``` ## Delete an API key[​](#delete-api-key "Direct link to Delete an API key") DELETE/api/v1/keys/{id} Permanently deletes an API key in the organization. Any key in the organization can be deleted (not only the caller's own). Requires an interactive (JWT) session: an API key cannot delete keys. Requires a read/write or admin role; read-only members cannot delete keys. Use the X-Organization-Id header to choose the organization; otherwise the caller's default organization is used. Path parameters `id`string · uuidrequired API key id Header parameters `X-Organization-Id`string Selects which of the caller's organizations the request acts on. When omitted, the caller's default organization is used. Request ``` curl https://api.mobilenexthq.com/api/v1/keys/{id} \ -X DELETE \ -H 'Authorization: Bearer mob_...' ``` Response 204401403404 API key deleted ``` // No response body ```