API Keys

5 API calls in this section.

Create API Key

Platform & Access / API Keys

POST/api-keys?language=en

Creates a new API key for the authenticated user. The API key is returned only once in the response and cannot be retrieved later. Authentication: - Requires valid authentication token Required Fields: - name: A descriptive name for the API key Optional Fields: - expires_at: ISO 8601 date string when the key should expire (must be in the future) - description: Additional information about the key's purpose or usage

Send a bearer token in the Authorization header for an authenticated OnDi user session.

Request

curl

1curl --request POST "$ONDI_BASE_URL/api-keys?language=en" \2  --header "Authorization: Bearer {{access_token}}" \3  --header "Content-Type: application/json" \4  --header "Content-Type: application/json" \5  --data '{6  "name": "My API Key",7  "expires_at": "2025-12-31T23:59:59Z",8  "description": "API key for integration with my service"9}'

Request body

json

1{2  "name": "My API Key",3  "expires_at": "2025-12-31T23:59:59Z",4  "description": "API key for integration with my service"5}

Query parameters

languageOptional

query string

en

Language code for response localization (Optional, default: en)

Request body fields

nameExample

string

Example field from the request body.

expires_atExample

string

Example field from the request body.

descriptionExample

string

Example field from the request body.

Headers

AuthorizationOptional

header string

Bearer {{access_token}}

Content-TypeOptional

header string

application/json

Responses

Success Response201Created

Response body

json

1{2  "success": true,3  "message": "API key created successfully",4  "data": {5    "id": "550e8400-e29b-41d4-a716-446655440000",6    "name": "My API Key",7    "description": "API key for integration with my service",8    "created_at": "2023-01-01T00:00:00Z",9    "expires_at": "2025-12-31T23:59:59Z",10    "is_active": true,11    "api_key": "sr_a1b2c3d4e5f67890abcdef1234567890abcdef1234567890abcdef1234567890"12  }13}

Error - Missing Name400Bad Request

Response body

json

1{2  "success": false,3  "message": "Name is required and cannot be empty"4}

Error - Invalid Expiry Date400Bad Request

Response body

json

1{2  "success": false,3  "message": "Expiry date must be a valid future date"4}

Success (201 Created)201

Response body

json

1{2  "success": true,3  "message": "API key created successfully",4  "data": {5    "id": "uuid",6    "name": "My API Key",7    "description": "API key for integration with my service",8    "created_at": "2023-01-01T00:00:00Z",9    "expires_at": "2025-12-31T23:59:59Z",10    "is_active": true,11    "api_key": "sr_a1b2c3d4e5f6..." // Only returned once, store securely12  }13}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Failed to create API key",4  "details": "Error details"5}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Internal server error",4  "details": "Error details"5}

List API Keys

Platform & Access / API Keys

GET/api-keys?page=1&limit=10&search=&language=en

Retrieves a paginated list of API keys belonging to the authenticated user. This endpoint supports pagination and searching by name. Authentication: - Requires valid authentication token Query Parameters: - page (optional): Page number for pagination (default: 1) - limit (optional): Number of results per page (default: 10) - search (optional): Search term to filter API keys by name - language (optional): Language code for localized response messages (e.g., 'en')

Send a bearer token in the Authorization header for an authenticated OnDi user session.

Request

curl

1curl --request GET "$ONDI_BASE_URL/api-keys?page=1&limit=10&search=&language=en" \2  --header "Authorization: Bearer {{access_token}}"

Query parameters

pageOptional

query string

1

Page number for pagination (Optional, default: 1)

limitOptional

query string

10

Number of results per page (Optional, default: 10)

searchOptional

query string

Search term to filter API keys by name (Optional)

languageOptional

query string

en

Language code for response localization (Optional, default: en)

Headers

AuthorizationOptional

header string

Bearer {{access_token}}

Responses

Success Response200OK

Response body

json

1{2  "success": true,3  "message": "API keys retrieved successfully",4  "apiKeys": [5    {6      "id": "550e8400-e29b-41d4-a716-446655440000",7      "name": "Production API Key",8      "created_at": "2023-01-01T00:00:00Z",9      "created_by": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",10      "expires_at": "2025-12-31T23:59:59Z",11      "is_active": true,12      "revoked_at": null13    },14    {15      "id": "660e8400-e29b-41d4-a716-446655440000",16      "name": "Development API Key",17      "created_at": "2023-01-02T00:00:00Z",18      "created_by": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",19      "expires_at": null,20      "is_active": true,21      "revoked_at": null22    }23  ],24  "total": 2,25  "page": 1,26  "limit": 1027}

Error - Server Error500Internal Server Error

Response body

json

1{2  "success": false,3  "message": "Failed to fetch API keys"4}

Success (200 OK)200

Response body

json

1{2  "success": true,3  "message": "API keys retrieved successfully",4  "apiKeys": [5    {6      "id": "uuid",7      "name": "API Key Name",8      "created_at": "2023-01-01T00:00:00Z",9      "created_by": "user-uuid",10      "expires_at": "2025-12-31T23:59:59Z",11      "is_active": true,12      "revoked_at": null13    }14  ],15  "total": 5,16  "page": 1,17  "limit": 1018}

Update API Key

Platform & Access / API Keys

PUT/api-keys/:apiKeyId?language=en

Updates an existing API key's properties. Users can only update their own API keys. Authentication: - Requires valid authentication token Path Parameters: - apiKeyId: ID of the API key to update Optional Fields (at least one required): - name: New name for the API key - expires_at: New expiration date (must be in the future) or null for no expiration - is_active: Whether the API key is active - description: Updated description or null to remove description Validations: - At least one field must be provided for update - If expires_at is provided, it must be a valid future date - API key must not be revoked

Send a bearer token in the Authorization header for an authenticated OnDi user session.

Request

curl

1curl --request PUT "$ONDI_BASE_URL/api-keys/:apiKeyId?language=en" \2  --header "Authorization: Bearer {{access_token}}" \3  --header "Content-Type: application/json" \4  --header "Content-Type: application/json" \5  --data '{6  "name": "Updated API Key Name",7  "expires_at": "2026-12-31T23:59:59Z",8  "is_active": true,9  "description": "Updated description"10}'

Request body

json

1{2  "name": "Updated API Key Name",3  "expires_at": "2026-12-31T23:59:59Z",4  "is_active": true,5  "description": "Updated description"6}

Path parameters

apiKeyIdRequired

path string

ID of the API key to update

Query parameters

languageOptional

query string

en

Language code for response localization (Optional, default: en)

Request body fields

nameExample

string

Example field from the request body.

expires_atExample

string

Example field from the request body.

is_activeExample

boolean

Example field from the request body.

descriptionExample

string

Example field from the request body.

Headers

AuthorizationOptional

header string

Bearer {{access_token}}

Content-TypeOptional

header string

application/json

Responses

Success Response200OK

Response body

json

1{2  "success": true,3  "message": "API key updated successfully",4  "apiKey": {5    "id": "550e8400-e29b-41d4-a716-446655440000",6    "name": "Updated API Key Name",7    "created_at": "2023-01-01T00:00:00Z",8    "expires_at": "2026-12-31T23:59:59Z",9    "is_active": true,10    "description": "Updated description"11  }12}

Error - API Key Not Found404Not Found

Response body

json

1{2  "success": false,3  "message": "API key not found"4}

Error - No Valid Fields400Bad Request

Response body

json

1{2  "success": false,3  "message": "No valid fields to update"4}

Success (200 OK)200

Response body

json

1{2  "success": true,3  "message": "API key updated successfully",4  "apiKey": {5    "id": "uuid",6    "name": "Updated API Key Name",7    "created_at": "2023-01-01T00:00:00Z",8    "expires_at": "2026-12-31T23:59:59Z",9    "is_active": true,10    "description": "Updated description"11  }12}

Validation Error (400 Bad Request)400

Response body

json

1{2  "success": false,3  "message": "API key ID required"4}

Validation Error (400 Bad Request)400

Response body

json

1{2  "success": false,3  "message": "Invalid expires_at"4}

Not Found (404 Not Found)404

Response body

json

1{2  "success": false,3  "message": "API key not found or revoked"4}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Failed to fetch API key"4}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Failed to update API key"4}

Revoke API Key

Platform & Access / API Keys

DELETE/api-keys/:apiKeyId?language=en

Revokes (permanently disables) an API key. This action cannot be undone. Users can only revoke their own API keys. Authentication: - Requires valid authentication token Path Parameters: - apiKeyId: ID of the API key to revoke Query Parameters: - language (optional): Language code for localized response messages (e.g., 'en')

Send a bearer token in the Authorization header for an authenticated OnDi user session.

Request

curl

1curl --request DELETE "$ONDI_BASE_URL/api-keys/:apiKeyId?language=en" \2  --header "Authorization: Bearer {{access_token}}"

Path parameters

apiKeyIdRequired

path string

ID of the API key to revoke

Query parameters

languageOptional

query string

en

Language code for response localization (Optional, default: en)

Headers

AuthorizationOptional

header string

Bearer {{access_token}}

Responses

Success Response200OK

Response body

json

1{2  "success": true,3  "message": "API key revoked successfully"4}

Error - API Key Not Found404Not Found

Response body

json

1{2  "success": false,3  "message": "API key not found"4}

Error - Already Revoked404Not Found

Response body

json

1{2  "success": false,3  "message": "API key not found or revoked"4}

Validation Error (400 Bad Request)400

Response body

json

1{2  "success": false,3  "message": "API key ID required"4}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Failed to fetch API key"4}

Server Error (500 Internal Server Error)500

Response body

json

1{2  "success": false,3  "message": "Failed to revoke API key"4}

Health Check API Key

Platform & Access / API Keys

GET/api-keys/{{api_key}}/health

Verifies the validity of a tenant-generated API key and retrieves its details, including accessible modules. Authentication: - No authentication required (API key in path) Path Parameters: - api_key: The API key to validate

Most OnDi APIs require an authenticated session or service token. Public endpoints are marked by their path and module context.

Request

curl

1curl --request GET "$ONDI_BASE_URL/api-keys/{{api_key}}/health" \2  --header "Authorization: Bearer $ONDI_ACCESS_TOKEN"

Path parameters

api_keyRequired

path string

Variable used inside the request path.

Responses

Success Response200OK

Response body

json

1{2  "message": "API key is valid",3  "id": "550e8400-e29b-41d4-a716-446655440000",4  "name": "Production API Key",5  "created_at": "2023-01-01T00:00:00Z",6  "created_by": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",7  "expires_at": "2025-12-31T23:59:59Z",8  "is_active": true,9  "revoked_at": null,10  "modules": [11    "delivery",12    "warehousing"13  ]14}

Error - API key is required400Bad Request

Response body

json

1{2  "success": false,3  "message": "API key is required"4}

Error - API key is revoked, expired, or inactive401Unauthorized

Response body

json

1{2  "success": false,3  "message": "API key is revoked, expired, or inactive"4}

Error - API key not found404Not Found

Response body

json

1{2  "success": false,3  "message": "API key not found"4}