Changelog

Create a key

bearerAuth

The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response.

The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server.

The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web.

This response is sent when a request conflicts with the current state of the server.

The requested operation cannot be completed because certain conditions were not met. This typically occurs when a required resource state or version check fails.

The user has sent too many requests in a given amount of time ("rate limiting")

The server has encountered a situation it does not know how to handle.

Unkey Docs

Welcome to Unkey

How does Unkey work? What security measures are in place?

Overview

Learn how root keys in the Unkey API work

Root Keys

Recovering Keys

Unkey offers IP whitelisting to restrict requests to a specific set of IP addresses.

IP Whitelisting

How Unkey protects you from leaked root keys

GitHub Secret Scanning

Identities are a representations of a user, an org or a machine in your application.

Identities can be used to share ratelimits across multiple keys

Ratelimits

Optimize for consistency or latency with different ratelimiting modes.

Consistency vs Latency

Override limits for identifiers without code changes.

Custom overrides

Manage dynamic overrides programmatically

Automated Overrides

Audit logs for your workspace, allowing you to see the history of all the resource requests made inside your workspace.

Event Types

Power your own dashboard, reports or usage-based billing

Quickstarts

Vercel

Migrate keys to Unkey

Securely authenticating with the Unkey API

Authentication

Introduction

BAD_REQUEST

UNAUTHORIZED

FORBIDDEN

INSUFFICIENT_PERMISSIONS

NOT_FOUND

DELETE_PROTECTED

EXPIRED

CONFLICT

DISABLED

TOO_MANY_REQUESTS

INTERNAL_SERVER_ERROR

Verify a key

Retrieve a key by ID

Updates the configuration of an existing key. Omit fields to leave unchanged.

Update a key

Update a key's remaining limit

Deleted keys are no longer valid and will not be able to be used to authenticate requests.

Delete a key

Retrieve usage numbers

Add Permissions

Remove one or more permissions from a key.

Remove Permissions

Overwrite the permissions of a key with a new set of permissions.

Set Permissions

Add Roles

Remove Roles

Overwrite the roles of a key with a new set of roles.

Set Roles

Returns data about a key

Create an API

Retrieve an API

List keys for an API

Delete all keys of an API

Permanently delete an API and revoke all keys associated with it

Delete an API

Create A Role

Get Role

List Roles

Delete A Role

Create A Permission

Get Permission

List Permissions

Delete A Permission

Create an identity

Get an identity

List identities

Update an identity

Delete an identity

Ratelimit an action based on an identifier.

Ratelimit

Set Override

Retrieve the configured override by `namespaceId` or `namespaceName`.

Get Override

Retrieve a list of configured overrides by `namespaceId` or `namespaceName`.

List Overrides

Delete Override

Get Verifications

Migrate key to Unkey

@unkey/nextjs

Hono.js middleware for authenticating API keys

@unkey/hono

@unkey/cache

Developer-friendly & type-safe Python SDK for Unkey's API.

Using unkey.py synchronous or asynchronous

API Documentation

Create a key

Changelog

Authorizations

Body

Response

API Documentation

​Changelog

Authorizations

Body

Response

Changelog