Team API Keys

Overview

Team API keys are designed for service accounts that manage Open Authorization API (OAA) integrations assigned to a team. Similar to personal API keys, these keys authenticate API requests, and can be revoked or reinstated to control programmatic access to Veza. Each key is associated with a single team and has the oaa_push role, restricted to specific read and write operations for creating and updating OAA data sources.

Team API keys are limited to the following operations:

Administrators can create and manage team API keys using the endpoints documented below. Note that Team API Keys are currently provided as an early access feature, and /preview/ API operations are subject to change as capabilities are added or modified.

List Team API Keys

Method: GET Endpoint: /api/preview/teamkeys

Returns API key details such as last activity time and status. If the query includes a team_id filter expression, only keys for that team are listed.

Note: When using a personal API key for a non-root team, the team_id filter is automatically applied. Only root team administrators can view keys across all teams.

List API keys for teams

get

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Query parameters

filterstringOptional

[team_id] String to filter API keys belonging to a specific team. If empty, list all team keys in scope

page_sizeinteger · int32Optional

page_tokenstringOptional

Responses

200

application/json

default

Default error response

application/json

get

/api/preview/teamkeys

GET /api/preview/teamkeys HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "values": [
    {
      "id": "text",
      "access_key": "text",
      "name": "text",
      "created_at": "2026-01-31T22:35:48.538Z",
      "last_access_at": "2026-01-31T22:35:48.538Z",
      "status": 1,
      "team_id": "text",
      "team_name": "text"
    }
  ],
  "next_page_token": "text"
}

Example Request:

curl -X GET "https://<base-url>/api/preview/teamkeys?filter=team_id+eq+%2260437fa0-15ab-4c1f-a211-010543ac8a89%22" \
 -H "accept: application/json"

Example Response:

{
  "values": [
    {
      "id": "54807783-c5ec-4efd-9d1b-853bada658dd",
      "access_key": "",
      "name": "AWS Team Key",
      "created_at": "2024-06-25T08:30:17.087351612Z",
      "last_access_at": "2024-06-25T08:30:17.087351612Z",
      "status": "ACTIVE",
      "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
    }
  ],
  "next_page_token": ""
}

Create Team API Key

Method: POST Endpoint: /api/preview/teamkeys

Create an API key by providing a key name and team team_id. The response includes the access_key, which cannot be retrieved again.

Create a new team API key for a service account

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Body

namestringOptional

Human friendly name

team_idstringOptional

Service account's team ID

Responses

200

application/json

default

Default error response

application/json

post

/api/preview/teamkeys

POST /api/preview/teamkeys HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "name": "text",
  "team_id": "text"
}

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2026-01-31T22:35:48.538Z",
    "last_access_at": "2026-01-31T22:35:48.538Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys" \
 -H "accept: application/json" \
 -H "content-type: application/json" \
 -d '{"name":"New Team API Key","team_id":"60437fa0-15ab-4c1f-a211-010543ac8a89"}'

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "<access key>",
    "name": "New Team API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "ACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

Remove Team API Key

Method: DELETE Endpoint: /api/preview/teamkeys/{id}

Permanently delete a team API key.

Remove team API Key

delete

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

default

Default error response

application/json

delete

/api/preview/teamkeys/{id}

DELETE /api/preview/teamkeys/{id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2026-01-31T22:35:48.538Z",
    "last_access_at": "2026-01-31T22:35:48.538Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X DELETE "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
 -H "accept: application/json"

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "",
    "name": "Updated API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "INACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

Revoke Team API Key

Method: POST Endpoint: /api/preview/teamkeys/{id}:revoke

Suspend usage of a team API key, changing the status to INACTIVE.

Revoke team API Key

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

post

/api/preview/teamkeys/{id}:revoke

POST /api/preview/teamkeys/{id}:revoke HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:revoke" \
 -H "accept: application/json"

Example Response:

{}

Reinstate Team API Key

Method: POST Endpoint: /api/preview/teamkeys/{id}:reinstate

Reinstates a previously revoked team API key, changing the status to ACTIVE.

Reinstate a revoked team API Key

post

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

idstringRequired

Responses

200

application/json

Responseobject

default

Default error response

application/json

post

/api/preview/teamkeys/{id}:reinstate

POST /api/preview/teamkeys/{id}:reinstate HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Accept: */*

{}

Example Request:

curl -X POST "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d:reinstate" \
 -H "accept: application/json"

Example Response:

{}

Update Team API Key

Method: PATCH Endpoint: /api/preview/teamkeys/{value.id}

Use this operation to update the display name of a team API key.

Update team API key metadata

patch

Authorizations

AuthorizationstringRequired

Veza API key for authentication. Generate keys in Administration > API Keys.

Path parameters

value.idstringRequired

Query parameters

update_maskstring · field-maskOptional

Body

API Key

idstringOptional

The unique identifier of this API key.

access_keystringRead-onlyOptional

Base64 encoded access token. Only available when creating a key

namestringOptional

User provided name for this key

created_atstring · date-timeRead-onlyOptional

ISO-8601 timestamp of when this key was created

last_access_atstring · date-timeRead-onlyOptional

ISO-8601 timestamp of when this key was last updated

statusinteger · enumRead-onlyOptional

Status of the key. Key is ACTIVE or INACTIVE. API keys can only be used when they are ACTIVE

team_idstringOptional

Team ID that this key belongs to

team_namestringRead-onlyOptional

Team Name that this key belongs to

Responses

200

application/json

default

Default error response

application/json

patch

/api/preview/teamkeys/{value.id}

PATCH /api/preview/teamkeys/{value.id} HTTP/1.1
Host: your-tenant.vezacloud.com
Authorization: Bearer YOUR_SECRET_TOKEN
Content-Type: application/json
Accept: */*
Content-Length: 44

{
  "id": "text",
  "name": "text",
  "team_id": "text"
}

{
  "value": {
    "id": "text",
    "access_key": "text",
    "name": "text",
    "created_at": "2026-01-31T22:35:48.538Z",
    "last_access_at": "2026-01-31T22:35:48.538Z",
    "status": 1,
    "team_id": "text",
    "team_name": "text"
  }
}

Example Request:

curl -X PATCH "https://<base-url>/api/preview/teamkeys/7ddd5e0c-29cd-41c5-b41f-884b2d24b05d" \
 -H "accept: application/json"\
 -H "content-type: application/json" \
 -d '{"name":"Updated API Key"}'

Example Response:

{
  "value": {
    "id": "7ddd5e0c-29cd-41c5-b41f-884b2d24b05d",
    "access_key": "",
    "name": "Updated API Key",
    "created_at": "2024-08-26T21:29:59.409761363Z",
    "last_access_at": "2024-08-26T21:29:59.409761363Z",
    "status": "ACTIVE",
    "team_id": "60437fa0-15ab-4c1f-a211-010543ac8a89"
  }
}

PreviousTeam and User Management APIs NextLifecycle Management APIs

Last updated 21 hours ago

Was this helpful?

hashtagOverview

hashtagList Team API Keys

hashtagList API keys for teams

hashtagCreate Team API Key

hashtagCreate a new team API key for a service account

hashtagRemove Team API Key

hashtagRemove team API Key

hashtagRevoke Team API Key

hashtagRevoke team API Key

hashtagReinstate Team API Key

hashtagReinstate a revoked team API Key

hashtagUpdate Team API Key

hashtagUpdate team API key metadata

Overview

List Team API Keys

List API keys for teams

Create Team API Key

Create a new team API key for a service account

Remove Team API Key

Remove team API Key

Revoke Team API Key

Revoke team API Key

Reinstate Team API Key

Reinstate a revoked team API Key

Update Team API Key

Update team API key metadata