> For the complete documentation index, see [llms.txt](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/users-teams/team-api-keys.md). # Team API Keys ### Overview Team API keys are designed for service accounts that manage Open Authorization API (OAA) integrations assigned to a team. Similar to personal API keys, these keys authenticate API requests, and can be revoked or reinstated to control programmatic access to Veza. Each key is associated with a single team and has the `oaa_push` role, restricted to specific read and write operations for creating and updating OAA data sources. Team API keys are limited to the following operations: * [Create Custom Provider Data Source](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#create-custom-provider) * [Push Custom Provider Data Source](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#create-custom-provider-datasource) * [Delete Custom Provider Data Source](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#delete-custom-provider-datasource) * [Get Custom Provider Data Source](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#get-datasource-by-id) * [List Custom Provider Templates](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api.md) * [List Custom Providers](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#list-custom-providers) * [List Custom Provider Data Sources](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#list-custom-provider-datasources) * [Push Custom Provider CSV Data Source](/4yItIzMvkpAvMVFAamTf/developers/api/oaa/rest-api/operations.md#push-custom-provider-datasource-csv) * [Get User](/4yItIzMvkpAvMVFAamTf/developers/api/users-teams.md#get-user) Administrators can create and manage team API keys using the endpoints documented below. Note that Team API Keys are currently provided as an early access feature, and `/preview/` API operations are subject to change as capabilities are added or modified. ### List Team API Keys **Method:** GET **Endpoint:** `/api/preview/teamkeys` Returns API key details such as last activity time and status. If the query includes a `team_id` filter expression, only keys for that team are listed. Note: When using a personal API key for a [non-root team](/4yItIzMvkpAvMVFAamTf/developers/api/authentication/api-tokens.md#team-api-keys-early-access), the `team_id` filter is automatically applied. Only root team administrators can view keys across all teams. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys" method="get" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X GET "https:///api/preview/teamkeys?filter=team_id+eq+%2260437fa0-15ab-4c1f-a211-010543ac8a89%22" \ -H "accept: application/json" ``` **Example Response:** ```json { "values": [ { "id": "54807783-c5ec-4efd-9d1b-853bada658dd", "access_key": "", "name": "AWS Team Key", "created_at": "2024-06-25T08:30:17.087351612Z", "last_access_at": "2024-06-25T08:30:17.087351612Z", "status": "ACTIVE", "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89" } ], "next_page_token": "" } ``` ### Create Team API Key **Method:** POST **Endpoint:** `/api/preview/teamkeys` Create an API key by providing a key `name` and team `team_id`. The response includes the `access_key`, which cannot be retrieved again. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X POST "https:///api/preview/teamkeys" \ -H "accept: application/json" \ -H "content-type: application/json" \ -d '{"name":"New Team API Key","team_id":"60437fa0-15ab-4c1f-a211-010543ac8a89"}' ``` **Example Response:** ```json { "value": { "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d", "access_key": "", "name": "New Team API Key", "created_at": "2024-08-26T21:29:59.409761363Z", "last_access_at": "2024-08-26T21:29:59.409761363Z", "status": "ACTIVE", "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89" } } ``` ### Remove Team API Key **Method:** DELETE **Endpoint:** `/api/preview/teamkeys/{id}` Permanently delete a team API key. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys/{id}" method="delete" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X DELETE "https:///api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \ -H "accept: application/json" ``` **Example Response:** ```json { "value": { "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d", "access_key": "", "name": "Updated API Key", "created_at": "2024-08-26T21:29:59.409761363Z", "last_access_at": "2024-08-26T21:29:59.409761363Z", "status": "INACTIVE", "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89" } } ``` ### Revoke Team API Key **Method:** POST **Endpoint:** `/api/preview/teamkeys/{id}:revoke` Suspend usage of a team API key, changing the status to `INACTIVE`. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys/{id}:revoke" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X POST "https:///api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:revoke" \ -H "accept: application/json" ``` **Example Response:** ```json {} ``` ### Reinstate Team API Key **Method:** POST **Endpoint:** `/api/preview/teamkeys/{id}:reinstate` Reinstates a previously revoked team API key, changing the status to `ACTIVE`. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys/{id}:reinstate" method="post" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X POST "https:///api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:reinstate" \ -H "accept: application/json" ``` **Example Response:** ```json {} ``` ### Update Team API Key **Method:** PATCH **Endpoint:** `/api/preview/teamkeys/{value.id}` Use this operation to update the display name of a team API key. {% openapi src="/files/Aco9gj4MY2XoNiD4zIjr" path="/api/preview/teamkeys/{value.id}" method="patch" %} [openapi.yaml](https://1967633068-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MZDkWMxox3pekd0NsZJ%2Fuploads%2Fgit-blob-0d9d5973a247f0dc34943ed932d00eb6f5a41e3e%2Fopenapi.yaml?alt=media) {% endopenapi %} **Example Request:** ```shell curl -X PATCH "https:///api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \ -H "accept: application/json"\ -H "content-type: application/json" \ -d '{"name":"Updated API Key"}' ``` **Example Response:** ```json { "value": { "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d", "access_key": "", "name": "Updated API Key", "created_at": "2024-08-26T21:29:59.409761363Z", "last_access_at": "2024-08-26T21:29:59.409761363Z", "status": "ACTIVE", "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89" } } ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.veza.com/4yItIzMvkpAvMVFAamTf/developers/api/users-teams/team-api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.