API Keys

Create and manage API keys for authenticating with the AppStore Copilot API.

Key Types

Live keys (asc_live_) are for production use.Test keys (asc_test_) are for development and don't count against your usage limits.

Endpoints

Get a list of all API keys for your account. Key values are partially redacted for security.

GET /api/v1/keys

Authentication

Requires API key with Authorization: Bearer <api_key> header

Response Example

{
  "success": true,
  "data": {
    "keys": [
      {
        "id": "key_abc123",
        "name": "Production API Key",
        "prefix": "asc_live_xxxx",
        "lastFour": "7890",
        "scopes": ["read", "write"],
        "lastUsed": "2024-01-20T14:30:00Z",
        "createdAt": "2024-01-15T10:00:00Z",
        "expiresAt": null
      },
      {
        "id": "key_def456",
        "name": "CI/CD Key",
        "prefix": "asc_live_xxxx",
        "lastFour": "1234",
        "scopes": ["read", "write", "delete"],
        "lastUsed": "2024-01-20T12:00:00Z",
        "createdAt": "2024-01-10T08:00:00Z",
        "expiresAt": "2024-12-31T23:59:59Z"
      }
    ]
  }
}

Code Examples

curl -X GET https://api.appstorecopilot.com/v1/keys \
  -H "Authorization: Bearer $ASC_API_KEY"

Create a new API key. The full key value is only shown once upon creation.

POST /api/v1/keys

Authentication

Requires API key with Authorization: Bearer <api_key> header

Request Body

Name	Type	Required	Description
`name`	`string`	Yes	A friendly name for the key
`scopes`	`string[]`	No	Permission scopes: read, write, delete (default: `["read", "write"]`)
`expiresAt`	`string`	No	ISO 8601 expiration date (optional)

Response Example

{
  "success": true,
  "data": {
    "id": "key_ghi789",
    "name": "New API Key",
    "key": "asc_live_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "scopes": ["read", "write"],
    "createdAt": "2024-01-20T15:00:00Z",
    "expiresAt": null
  },
  "warning": "Store this key securely. It will not be shown again."
}

Code Examples

curl -X POST https://api.appstorecopilot.com/v1/keys \
  -H "Authorization: Bearer $ASC_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "New API Key",
    "scopes": ["read", "write"]
  }'

Permanently revoke an API key. This action cannot be undone and will immediately invalidate the key.

DELETE /api/v1/keys/:keyId

Authentication

Requires API key with Authorization: Bearer <api_key> header

URL Parameters

Name	Type	Required	Description
`keyId`	`string`	Yes	The key ID to revoke

Response Example

{
  "success": true,
  "message": "API key revoked successfully"
}

Code Examples

curl -X DELETE https://api.appstorecopilot.com/v1/keys/key_abc123 \
  -H "Authorization: Bearer $ASC_API_KEY"

Permission Scopes

Scope	Permissions
`read`	Read projects, metadata, screenshots, and usage data
`write`	Create/update projects, metadata, translations, and screenshots
`delete`	Delete projects, credentials, and API keys