Manage API Keys

Create, list, revoke, and rotate API keys.

POST /v1/platform/api-keys

Create a new API key. The raw key is returned only once, so store it securely.

Request Body

Field           Type    Required  Description
name            string  Yes       Human-readable name for the key
organizationId  string  Yes       Workspace (organization) ID to create the key for

Example Request

curl -X POST https://api.tutorflow.io/v1/platform/api-keys \
  -H "Authorization: Bearer tf_platform_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production Key",
    "organizationId": "workspace-uuid"
  }'

Response

{
  "apiKey": "tf_platform_a1b2c3d4e5f6...",
  "keyId": "key-uuid",
  "keyPrefix": "tf_platform_",
  "name": "Production Key"
}

GET /v1/platform/api-keys

List all API keys for a workspace. The raw key is never returned, only the prefix and metadata.

Query Parameters

Parameter       Type    Required  Description
organizationId  string  Yes       Workspace (organization) ID to list keys for

Example Request

curl "https://api.tutorflow.io/v1/platform/api-keys?organizationId=workspace-uuid" \
  -H "Authorization: Bearer tf_platform_..."

Response Fields

Field                Type           Description
id                   string         API key unique identifier
name                 string         Human-readable name
keyPrefix            string         First characters of the key for identification
status               string         ACTIVE, REVOKED, or EXPIRED
platformWorkspaceId  string         ID of the workspace this key belongs to
lastUsedAt           string | null  ISO 8601 timestamp of last usage, or null
expiresAt            string | null  ISO 8601 expiration timestamp, or null if no expiry
createdAt            string         ISO 8601 creation timestamp
updatedAt            string         ISO 8601 last-updated timestamp

Response

[
  {
    "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "name": "Production Key",
    "keyPrefix": "tf_platform_a1b2",
    "status": "ACTIVE",
    "platformWorkspaceId": "b3f1a2c4-d5e6-7f8a-9b0c-1d2e3f4a5b6c",
    "lastUsedAt": "2026-03-28T14:22:00Z",
    "expiresAt": null,
    "createdAt": "2026-03-19T10:00:00Z",
    "updatedAt": "2026-03-28T14:22:00Z"
  }
]

POST /v1/platform/api-keys/:id/revoke

Permanently revoke an API key. Any request that uses this key immediately receives 401 Unauthorized.

Example Request

curl -X POST https://api.tutorflow.io/v1/platform/api-keys/KEY_ID/revoke \
  -H "Authorization: Bearer tf_platform_..."

Response

Returns the revoked API key object with status set to REVOKED.

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "name": "Production Key",
  "keyPrefix": "tf_platform_a1b2",
  "status": "REVOKED",
  "platformWorkspaceId": "b3f1a2c4-d5e6-7f8a-9b0c-1d2e3f4a5b6c",
  "lastUsedAt": "2026-03-28T14:22:00Z",
  "expiresAt": null,
  "createdAt": "2026-03-19T10:00:00Z",
  "updatedAt": "2026-03-29T09:15:00Z"
}

POST /v1/platform/api-keys/:id/rotate

Rotate a key: atomically revokes the old key and creates a new one with the same name. Returns the new raw key. No request body is required.

Example Request

curl -X POST https://api.tutorflow.io/v1/platform/api-keys/KEY_ID/rotate \
  -H "Authorization: Bearer tf_platform_..."

Response

{
  "apiKey": "tf_platform_new_key_here...",
  "keyId": "new-key-uuid",
  "keyPrefix": "tf_platform_",
  "name": "Production Key"
}
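The status, expiresAt, lastUsedAt and createdAt fields in the list response are enough to decide which keys to send to the rotate or revoke endpoints. The following is an added example, not part of the TutorFlow documentation: it audits a constructed list response (trimmed to the fields it reads) offline. The function names and the 90-day age and 30-day idle thresholds are assumptions, not platform policy.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the GET /v1/platform/api-keys response (not real keys).
SAMPLE_RESPONSE = json.dumps([
    {"id": "key-1", "name": "Production Key", "status": "ACTIVE",
     "lastUsedAt": "2026-03-28T14:22:00Z", "expiresAt": None,
     "createdAt": "2026-03-19T10:00:00Z"},
    {"id": "key-2", "name": "Old CI Key", "status": "ACTIVE",
     "lastUsedAt": "2025-11-01T08:00:00Z", "expiresAt": None,
     "createdAt": "2025-06-01T09:00:00Z"},
    {"id": "key-3", "name": "Never Used", "status": "ACTIVE",
     "lastUsedAt": None, "expiresAt": "2026-12-31T00:00:00Z",
     "createdAt": "2026-01-05T12:00:00Z"},
    {"id": "key-4", "name": "Retired Key", "status": "REVOKED",
     "lastUsedAt": "2025-01-10T00:00:00Z", "expiresAt": None,
     "createdAt": "2024-12-01T00:00:00Z"},
])

def parse_ts(value):
    """Parse an ISO 8601 timestamp ending in Z; null stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(response_body, now, max_age_days=90, max_idle_days=30):
    """Map key id -> findings for ACTIVE keys that breach the assumed policy."""
    findings = {}
    for key in json.loads(response_body):
        if key["status"] != "ACTIVE":
            continue  # only ACTIVE keys are in scope for this audit
        created = parse_ts(key["createdAt"])
        reasons = []
        # Long-lived key with no expiry: candidate for the rotate endpoint.
        if key["expiresAt"] is None and now - created > timedelta(days=max_age_days):
            reasons.append("rotate: no expiry and past max age")
        # Never used (lastUsedAt null) counts as idle since creation.
        idle_since = parse_ts(key["lastUsedAt"]) or created
        if now - idle_since > timedelta(days=max_idle_days):
            reasons.append("revoke: idle past threshold")
        if reasons:
            findings[key["id"]] = reasons
    return findings

if __name__ == "__main__":
    now = datetime(2026, 4, 1, tzinfo=timezone.utc)  # fixed clock for the sample
    for key_id, reasons in audit_keys(SAMPLE_RESPONSE, now).items():
        print(key_id, reasons)
```

Because rotation returns the new raw key only once, a job acting on these findings should write the new key to its secret store before the old one is considered retired.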