API Keys
Overview
Section titled “Overview”API keys allow programmatic access to AutoDB from your own applications, CI/CD pipelines, or MCP clients. Each key is scoped to a Supabase user and sees the same connections as the dashboard.
All API key management endpoints require JWT authentication (dashboard only). API keys themselves cannot create, list, or revoke other keys.
Create a Key
Section titled “Create a Key”curl -X POST https://api.autodb.app/api/v1/api-keys \ -H "Content-Type: application/json" \ -H "Authorization: Bearer YOUR_JWT" \ -d '{"name": "CI/CD pipeline"}'| Field | Type | Description |
|---|---|---|
name | string | Human-readable label (1-200 chars). |
Response (201)
Section titled “Response (201)”{ "success": true, "data": { "id": "aa0e8400-e29b-41d4-a716-446655440099", "name": "CI/CD pipeline", "key": "adb_a1b2c3d4e5f6...", "prefix": "adb_a1b2", "created_at": "2026-04-11T..." }}The raw key is shown once at creation and cannot be retrieved later. Store it securely.
List Keys
Section titled “List Keys”curl https://api.autodb.app/api/v1/api-keys \ -H "Authorization: Bearer YOUR_JWT"Returns all active keys for the authenticated user. The raw key is never included — only the prefix for identification.
Revoke a Key
Section titled “Revoke a Key”curl -X DELETE https://api.autodb.app/api/v1/api-keys/KEY_ID \ -H "Authorization: Bearer YOUR_JWT"Soft-deletes the key. It is immediately invalidated and cannot be used for further requests.
Using an API Key
Section titled “Using an API Key”Pass the key in the X-API-Key header:
curl https://api.autodb.app/api/v1/connections \ -H "X-API-Key: adb_your_key_here"API keys have the same permissions as the owning user — they see the same connections and are subject to the same rate limits and billing.