Authentication
All Octokraft API requests require authentication via an API key.
API Key Authentication
Pass your API key as a Bearer token in the Authorization header:
curl "https://app.octokraft.com/api/v1/projects" \
  -H "Authorization: Bearer ok_live_a1b2c3d4e5f6..."
Creating API Keys
Create API keys from the Octokraft dashboard under Settings > API Keys, or programmatically via the API:
curl -X POST "https://app.octokraft.com/api/v1/api-keys" \
  -H "Authorization: Bearer ok_live_a1b2c3d4e5f6..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI Pipeline Key",
    "description": "Used in GitHub Actions"
  }'
The full API key is only returned once at creation time. Store it securely — you will not be able to retrieve it again.
Managing API Keys
List Keys
curl "https://app.octokraft.com/api/v1/api-keys" \
  -H "Authorization: Bearer ok_live_a1b2c3d4e5f6..."

{
  "keys": [
    {
      "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
      "name": "CI Pipeline Key",
      "description": "Used in GitHub Actions",
      "key_prefix": "ok_live_a1b2",
      "scopes": [],
      "last_used_at": "2026-03-10T14:30:00Z",
      "created_at": "2026-02-15T09:00:00Z"
    }
  ]
}
Revoke a Key
curl -X DELETE "https://app.octokraft.com/api/v1/api-keys/f47ac10b-58cc-4372-a567-0e02b2c3d479" \
  -H "Authorization: Bearer ok_live_a1b2c3d4e5f6..."
Returns 204 No Content on success.
Key Scoping
API keys are scoped to the user who created them. The key inherits the user’s project memberships and roles — it can access the same projects the user belongs to, with the same permissions.
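Because a key carries the same project access as the user who created it, a key that is no longer in use is worth revoking. The following Python is an added example, not Octokraft's own code: it flags keys idle past a threshold using the List Keys response fields shown above, and reads the key from the environment instead of the command line. The variable name `OCTOKRAFT_API_KEY`, the 30-day threshold, the constructed sample entries, and a null `last_used_at` for never-used keys are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from datetime import datetime, timedelta, timezone

BASE = "https://app.octokraft.com/api/v1"  # base URL from the curl examples on this page

# Constructed sample in the shape of the List Keys response; the last two entries
# are invented, and a null last_used_at for a never-used key is an assumption.
SAMPLE = {"keys": [
    {"id": "f47ac10b-58cc-4372-a567-0e02b2c3d479", "name": "CI Pipeline Key",
     "last_used_at": "2026-03-10T14:30:00Z", "created_at": "2026-02-15T09:00:00Z"},
    {"id": "00000000-0000-4000-8000-000000000001", "name": "old laptop",
     "last_used_at": "2025-11-01T08:00:00Z", "created_at": "2025-10-01T08:00:00Z"},
    {"id": "00000000-0000-4000-8000-000000000002", "name": "never used",
     "last_used_at": None, "created_at": "2025-12-01T08:00:00Z"},
]}

def _ts(value):
    """Parse the API's UTC timestamps, e.g. 2026-03-10T14:30:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def stale_keys(listing, now, max_idle_days=30):
    """Return keys idle longer than max_idle_days; never-used keys age from created_at."""
    cutoff = now - timedelta(days=max_idle_days)
    return [k for k in listing["keys"]
            if _ts(k.get("last_used_at") or k["created_at"]) < cutoff]

def call(method, path, api_key):
    """Send one authenticated request; return (status, parsed JSON body or None)."""
    req = urllib.request.Request(BASE + path, method=method,
                                 headers={"Authorization": "Bearer " + api_key})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            body = resp.read()
            return resp.status, json.loads(body) if body else None
    except urllib.error.HTTPError as err:  # 401 and 403 arrive here
        return err.code, None

if __name__ == "__main__":
    key = os.environ["OCTOKRAFT_API_KEY"]  # hypothetical variable name
    status, listing = call("GET", "/api-keys", key)
    if status != 200:
        raise SystemExit(f"list failed: HTTP {status} (401 bad or revoked key, 403 no access)")
    for k in stale_keys(listing, datetime.now(timezone.utc)):
        print("stale:", k["name"], k["id"])
        # To revoke: call("DELETE", "/api-keys/" + k["id"], key) and expect status 204
```

Revocation is left as a commented call so the list of stale keys can be reviewed before any key is deleted.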
Error Responses
| Status | Meaning |
|---|---|
| 401 Unauthorized | Missing or invalid API key, or the key has been revoked |
| 403 Forbidden | The API key’s user does not have access to the requested project or resource |
{
  "error": "unauthorized"
}