ory-client 1.22.39 → 1.22.40

data/lib/ory-client/api/api_keys_api.rb

@@ -0,0 +1,1190 @@
+=begin
+#Ory APIs
+
+## Introduction Documentation for all public and administrative Ory APIs. Administrative APIs can only be accessed with a valid Personal Access Token. Public APIs are mostly used in browsers.  ## SDKs This document describes the APIs available in the Ory Network. The APIs are available as SDKs for the following languages:  | Language       | Download SDK                                                     | Documentation                                                                        | | -------------- | ---------------------------------------------------------------- | ------------------------------------------------------------------------------------ | | Dart           | [pub.dev](https://pub.dev/packages/ory_client)                   | [README](https://github.com/ory/sdk/blob/master/clients/client/dart/README.md)       | | .NET           | [nuget.org](https://www.nuget.org/packages/Ory.Client/)          | [README](https://github.com/ory/sdk/blob/master/clients/client/dotnet/README.md)     | | Elixir         | [hex.pm](https://hex.pm/packages/ory_client)                     | [README](https://github.com/ory/sdk/blob/master/clients/client/elixir/README.md)     | | Go             | [github.com](https://github.com/ory/client-go)                   | [README](https://github.com/ory/sdk/blob/master/clients/client/go/README.md)         | | Java           | [maven.org](https://search.maven.org/artifact/sh.ory/ory-client) | [README](https://github.com/ory/sdk/blob/master/clients/client/java/README.md)       | | JavaScript     | [npmjs.com](https://www.npmjs.com/package/@ory/client)           | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript/README.md) | | JavaScript (With fetch) | [npmjs.com](https://www.npmjs.com/package/@ory/client-fetch)           | [README](https://github.com/ory/sdk/blob/master/clients/client/typescript-fetch/README.md) |  | PHP            | [packagist.org](https://packagist.org/packages/ory/client)       | [README](https://github.com/ory/sdk/blob/master/clients/client/php/README.md)        | | Python         | [pypi.org](https://pypi.org/project/ory-client/)                 | [README](https://github.com/ory/sdk/blob/master/clients/client/python/README.md)     | | Ruby           | [rubygems.org](https://rubygems.org/gems/ory-client)             | [README](https://github.com/ory/sdk/blob/master/clients/client/ruby/README.md)       | | Rust           | [crates.io](https://crates.io/crates/ory-client)                 | [README](https://github.com/ory/sdk/blob/master/clients/client/rust/README.md)       | 
+
+The version of the OpenAPI document: v1.22.40
+Contact: support@ory.sh
+Generated by: https://openapi-generator.tech
+Generator version: 7.17.0
+
+=end
+
+require 'cgi'
+
+module OryClient
+  class APIKeysApi
+    attr_accessor :api_client
+
+    def initialize(api_client = ApiClient.default)
+      @api_client = api_client
+    end
+    # Batch Import API Keys
+    # Imports up to 1000 external API keys in one request. Returns per-item results. If at least one item succeeds, response is 200 OK. If all items fail, the endpoint returns a non-200 error.  ```http POST /v2alpha1/admin/importedApiKeys:batchImport {   \"requests\": [     {\"raw_key\": \"sk_live_abc\", \"name\": \"Stripe key\", \"actor_id\": \"user_1\"},     {\"raw_key\": \"ghp_xyz\", \"name\": \"GitHub PAT\", \"actor_id\": \"user_2\"}   ] } ```
+    # @param batch_import_api_keys_request [BatchImportAPIKeysRequest] BatchImportAPIKeysRequest imports multiple external API keys in one request. The maximum batch size is 1000 keys.
+    # @param [Hash] opts the optional parameters
+    # @return [BatchImportAPIKeysResponse]
+    def admin_batch_import_api_keys(batch_import_api_keys_request, opts = {})
+      data, _status_code, _headers = admin_batch_import_api_keys_with_http_info(batch_import_api_keys_request, opts)
+      data
+    end
+
+    # Batch Import API Keys
+    # Imports up to 1000 external API keys in one request. Returns per-item results. If at least one item succeeds, response is 200 OK. If all items fail, the endpoint returns a non-200 error.  ```http POST /v2alpha1/admin/importedApiKeys:batchImport {   \"requests\": [     {\"raw_key\": \"sk_live_abc\", \"name\": \"Stripe key\", \"actor_id\": \"user_1\"},     {\"raw_key\": \"ghp_xyz\", \"name\": \"GitHub PAT\", \"actor_id\": \"user_2\"}   ] } ```
+    # @param batch_import_api_keys_request [BatchImportAPIKeysRequest] BatchImportAPIKeysRequest imports multiple external API keys in one request. The maximum batch size is 1000 keys.
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(BatchImportAPIKeysResponse, Integer, Hash)>] BatchImportAPIKeysResponse data, response status code and response headers
+    def admin_batch_import_api_keys_with_http_info(batch_import_api_keys_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_batch_import_api_keys ...'
+      end
+      # verify the required parameter 'batch_import_api_keys_request' is set
+      if @api_client.config.client_side_validation && batch_import_api_keys_request.nil?
+        fail ArgumentError, "Missing the required parameter 'batch_import_api_keys_request' when calling APIKeysApi.admin_batch_import_api_keys"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys:batchImport'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(batch_import_api_keys_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'BatchImportAPIKeysResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_batch_import_api_keys",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_batch_import_api_keys\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Batch Verify API Keys
+    # Verifies multiple credentials in a single request. Efficiently verifies up to 100 credentials in parallel. Each credential is verified independently; partial failures are returned. Admin access only.  Cache Control (HTTP Headers):   - Cache-Control: no-cache  - Bypasses cache read, forces fresh DB lookup   - Cache-Control: no-store  - Bypasses cache read AND write (never cached)   - Pragma: no-cache         - Same as Cache-Control: no-cache (HTTP/1.0)  The cache directive applies to every credential in the batch.  ```http POST /v2alpha1/admin/apiKeys:batchVerify {   \"requests\": [     {\"credential\": \"sk_live_abc123...\"},     {\"credential\": \"eyJhbGciOiJFZERTQSI...\"}   ] } ```
+    # @param batch_verify_api_keys_request [BatchVerifyAPIKeysRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :cache_control Cache-directive controlling the verifier cache. &#x60;no-cache&#x60; forces a fresh database lookup (cache read is bypassed). &#x60;no-store&#x60; additionally prevents the result from being written to the cache. Any other value is ignored.
+    # @option opts [String] :pragma HTTP/1.0 alias for &#x60;Cache-Control: no-cache&#x60;. Behaves identically when set to &#x60;no-cache&#x60;; ignored otherwise.
+    # @return [BatchVerifyAPIKeysResponse]
+    def admin_batch_verify_api_keys(batch_verify_api_keys_request, opts = {})
+      data, _status_code, _headers = admin_batch_verify_api_keys_with_http_info(batch_verify_api_keys_request, opts)
+      data
+    end
+
+    # Batch Verify API Keys
+    # Verifies multiple credentials in a single request. Efficiently verifies up to 100 credentials in parallel. Each credential is verified independently; partial failures are returned. Admin access only.  Cache Control (HTTP Headers):   - Cache-Control: no-cache  - Bypasses cache read, forces fresh DB lookup   - Cache-Control: no-store  - Bypasses cache read AND write (never cached)   - Pragma: no-cache         - Same as Cache-Control: no-cache (HTTP/1.0)  The cache directive applies to every credential in the batch.  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/apiKeys:batchVerify {   \&quot;requests\&quot;: [     {\&quot;credential\&quot;: \&quot;sk_live_abc123...\&quot;},     {\&quot;credential\&quot;: \&quot;eyJhbGciOiJFZERTQSI...\&quot;}   ] } &#x60;&#x60;&#x60;
+    # @param batch_verify_api_keys_request [BatchVerifyAPIKeysRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :cache_control Cache-directive controlling the verifier cache. &#x60;no-cache&#x60; forces a fresh database lookup (cache read is bypassed). &#x60;no-store&#x60; additionally prevents the result from being written to the cache. Any other value is ignored.
+    # @option opts [String] :pragma HTTP/1.0 alias for &#x60;Cache-Control: no-cache&#x60;. Behaves identically when set to &#x60;no-cache&#x60;; ignored otherwise.
+    # @return [Array<(BatchVerifyAPIKeysResponse, Integer, Hash)>] BatchVerifyAPIKeysResponse data, response status code and response headers
+    def admin_batch_verify_api_keys_with_http_info(batch_verify_api_keys_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_batch_verify_api_keys ...'
+      end
+      # verify the required parameter 'batch_verify_api_keys_request' is set
+      if @api_client.config.client_side_validation && batch_verify_api_keys_request.nil?
+        fail ArgumentError, "Missing the required parameter 'batch_verify_api_keys_request' when calling APIKeysApi.admin_batch_verify_api_keys"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/apiKeys:batchVerify'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+      header_params[:'Cache-Control'] = opts[:'cache_control'] if !opts[:'cache_control'].nil?
+      header_params[:'Pragma'] = opts[:'pragma'] if !opts[:'pragma'].nil?
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(batch_verify_api_keys_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'BatchVerifyAPIKeysResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_batch_verify_api_keys",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_batch_verify_api_keys\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Delete Imported API Key
+    # Permanently deletes an imported key (hard delete). The key is removed from the database. Use RevokeAPIKey for soft deletion (recommended).  ```http DELETE /v2alpha1/admin/importedApiKeys/{key_id} ```
+    # @param key_id [String] SHA512/256 hash of the imported key (REQUIRED)
+    # @param [Hash] opts the optional parameters
+    # @return [Object]
+    def admin_delete_imported_api_key(key_id, opts = {})
+      data, _status_code, _headers = admin_delete_imported_api_key_with_http_info(key_id, opts)
+      data
+    end
+
+    # Delete Imported API Key
+    # Permanently deletes an imported key (hard delete). The key is removed from the database. Use RevokeAPIKey for soft deletion (recommended).  &#x60;&#x60;&#x60;http DELETE /v2alpha1/admin/importedApiKeys/{key_id} &#x60;&#x60;&#x60;
+    # @param key_id [String] SHA512/256 hash of the imported key (REQUIRED)
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(Object, Integer, Hash)>] Object data, response status code and response headers
+    def admin_delete_imported_api_key_with_http_info(key_id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_delete_imported_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_delete_imported_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys/{key_id}'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'Object'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_delete_imported_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:DELETE, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_delete_imported_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Derive Token
+    # Mints a short-lived JWT or Macaroon token from an API key. Works with both issued and imported keys. The derived token inherits the permissions of the parent API key.  ```http POST /v2alpha1/admin/apiKeys:derive {   \"credential\": \"eyJhbGciOiJFZERTQSI...\",   \"ttl\": \"1h\" } ```
+    # @param derive_token_request [DeriveTokenRequest] 
+    # @param [Hash] opts the optional parameters
+    # @return [DeriveTokenResponse]
+    def admin_derive_token(derive_token_request, opts = {})
+      data, _status_code, _headers = admin_derive_token_with_http_info(derive_token_request, opts)
+      data
+    end
+
+    # Derive Token
+    # Mints a short-lived JWT or Macaroon token from an API key. Works with both issued and imported keys. The derived token inherits the permissions of the parent API key.  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/apiKeys:derive {   \&quot;credential\&quot;: \&quot;eyJhbGciOiJFZERTQSI...\&quot;,   \&quot;ttl\&quot;: \&quot;1h\&quot; } &#x60;&#x60;&#x60;
+    # @param derive_token_request [DeriveTokenRequest] 
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(DeriveTokenResponse, Integer, Hash)>] DeriveTokenResponse data, response status code and response headers
+    def admin_derive_token_with_http_info(derive_token_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_derive_token ...'
+      end
+      # verify the required parameter 'derive_token_request' is set
+      if @api_client.config.client_side_validation && derive_token_request.nil?
+        fail ArgumentError, "Missing the required parameter 'derive_token_request' when calling APIKeysApi.admin_derive_token"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/apiKeys:derive'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(derive_token_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'DeriveTokenResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_derive_token",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_derive_token\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Get Imported API Key
+    # Retrieves details about a specific imported key. Returns metadata about the imported key. The original raw key is never returned.  ```http GET /v2alpha1/admin/importedApiKeys/{key_id} ```
+    # @param key_id [String] SHA512/256 hash of the imported key (REQUIRED)
+    # @param [Hash] opts the optional parameters
+    # @return [ImportedAPIKey]
+    def admin_get_imported_api_key(key_id, opts = {})
+      data, _status_code, _headers = admin_get_imported_api_key_with_http_info(key_id, opts)
+      data
+    end
+
+    # Get Imported API Key
+    # Retrieves details about a specific imported key. Returns metadata about the imported key. The original raw key is never returned.  &#x60;&#x60;&#x60;http GET /v2alpha1/admin/importedApiKeys/{key_id} &#x60;&#x60;&#x60;
+    # @param key_id [String] SHA512/256 hash of the imported key (REQUIRED)
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(ImportedAPIKey, Integer, Hash)>] ImportedAPIKey data, response status code and response headers
+    def admin_get_imported_api_key_with_http_info(key_id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_get_imported_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_get_imported_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys/{key_id}'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ImportedAPIKey'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_get_imported_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_get_imported_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Get Issued API Key
+    # Retrieves details about a specific issued API key including its status, scopes, expiration, and usage statistics. The secret is never returned.  ```http GET /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ ```
+    # @param key_id [String] Identifier of the API key resource.
+    # @param [Hash] opts the optional parameters
+    # @return [IssuedAPIKey]
+    def admin_get_issued_api_key(key_id, opts = {})
+      data, _status_code, _headers = admin_get_issued_api_key_with_http_info(key_id, opts)
+      data
+    end
+
+    # Get Issued API Key
+    # Retrieves details about a specific issued API key including its status, scopes, expiration, and usage statistics. The secret is never returned.  &#x60;&#x60;&#x60;http GET /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ &#x60;&#x60;&#x60;
+    # @param key_id [String] Identifier of the API key resource.
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(IssuedAPIKey, Integer, Hash)>] IssuedAPIKey data, response status code and response headers
+    def admin_get_issued_api_key_with_http_info(key_id, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_get_issued_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_get_issued_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/issuedApiKeys/{key_id}'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'IssuedAPIKey'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_get_issued_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_get_issued_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Get JWKS
+    # Returns the JSON Web Key Set for token verification. Provides the public keys needed to verify JWT tokens issued by this service. Keys are loaded from configuration (file://, https://, or base64:// URIs). Follows the JWKS standard (RFC 7517).  ```http GET /v2alpha1/admin/derivedKeys/jwks.json ```
+    # @param [Hash] opts the optional parameters
+    # @return [GetJWKSResponse]
+    def admin_get_jwks(opts = {})
+      data, _status_code, _headers = admin_get_jwks_with_http_info(opts)
+      data
+    end
+
+    # Get JWKS
+    # Returns the JSON Web Key Set for token verification. Provides the public keys needed to verify JWT tokens issued by this service. Keys are loaded from configuration (file://, https://, or base64:// URIs). Follows the JWKS standard (RFC 7517).  &#x60;&#x60;&#x60;http GET /v2alpha1/admin/derivedKeys/jwks.json &#x60;&#x60;&#x60;
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(GetJWKSResponse, Integer, Hash)>] GetJWKSResponse data, response status code and response headers
+    def admin_get_jwks_with_http_info(opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_get_jwks ...'
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/derivedKeys/jwks.json'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'GetJWKSResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_get_jwks",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_get_jwks\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Import API Key
+    # Imports an external API key into the system. Allows importing keys from legacy systems or external providers. The raw key is hashed and stored securely (HMAC). Imported keys support token derivation (JWT/Macaroon) like issued keys.  ```http POST /v2alpha1/admin/importedApiKeys {   \"raw_key\": \"sk_live_abc123xyz\",   \"name\": \"Imported Stripe Key\",   \"actor_id\": \"user_123\" } ```
+    # @param import_api_key_request [ImportAPIKeyRequest] Example:   {     \&quot;raw_key\&quot;: \&quot;sk_live_abc123xyz789\&quot;,     \&quot;name\&quot;: \&quot;Stripe Production Key\&quot;,     \&quot;actor_id\&quot;: \&quot;payment-processor\&quot;,     \&quot;scopes\&quot;: [\&quot;read\&quot;, \&quot;write\&quot;],     \&quot;ttl\&quot;: \&quot;8760h\&quot;,  // 1 year (also accepts: 31536000s)     \&quot;metadata\&quot;: {\&quot;source\&quot;: \&quot;stripe\&quot;, \&quot;environment\&quot;: \&quot;production\&quot;}   }
+    # @param [Hash] opts the optional parameters
+    # @return [ImportedAPIKey]
+    def admin_import_api_key(import_api_key_request, opts = {})
+      data, _status_code, _headers = admin_import_api_key_with_http_info(import_api_key_request, opts)
+      data
+    end
+
+    # Import API Key
+    # Imports an external API key into the system. Allows importing keys from legacy systems or external providers. The raw key is hashed and stored securely (HMAC). Imported keys support token derivation (JWT/Macaroon) like issued keys.  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/importedApiKeys {   \&quot;raw_key\&quot;: \&quot;sk_live_abc123xyz\&quot;,   \&quot;name\&quot;: \&quot;Imported Stripe Key\&quot;,   \&quot;actor_id\&quot;: \&quot;user_123\&quot; } &#x60;&#x60;&#x60;
+    # @param import_api_key_request [ImportAPIKeyRequest] Example:   {     \&quot;raw_key\&quot;: \&quot;sk_live_abc123xyz789\&quot;,     \&quot;name\&quot;: \&quot;Stripe Production Key\&quot;,     \&quot;actor_id\&quot;: \&quot;payment-processor\&quot;,     \&quot;scopes\&quot;: [\&quot;read\&quot;, \&quot;write\&quot;],     \&quot;ttl\&quot;: \&quot;8760h\&quot;,  // 1 year (also accepts: 31536000s)     \&quot;metadata\&quot;: {\&quot;source\&quot;: \&quot;stripe\&quot;, \&quot;environment\&quot;: \&quot;production\&quot;}   }
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(ImportedAPIKey, Integer, Hash)>] ImportedAPIKey data, response status code and response headers
+    def admin_import_api_key_with_http_info(import_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_import_api_key ...'
+      end
+      # verify the required parameter 'import_api_key_request' is set
+      if @api_client.config.client_side_validation && import_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'import_api_key_request' when calling APIKeysApi.admin_import_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(import_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ImportedAPIKey'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_import_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_import_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Issue API Key
+    # Creates a new API key for a given actor. The secret is returned only once in the response and cannot be retrieved later. Keys can be scoped with specific permissions and have optional expiration.  ```http POST /v2alpha1/admin/issuedApiKeys {   \"name\": \"production-service\",   \"actor_id\": \"user_123\",   \"scopes\": [\"read\", \"write\"],   \"ttl\": \"8760h\" } ```
+    # @param issue_api_key_request [IssueAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @return [IssueAPIKeyResponse]
+    def admin_issue_api_key(issue_api_key_request, opts = {})
+      data, _status_code, _headers = admin_issue_api_key_with_http_info(issue_api_key_request, opts)
+      data
+    end
+
+    # Issue API Key
+    # Creates a new API key for a given actor. The secret is returned only once in the response and cannot be retrieved later. Keys can be scoped with specific permissions and have optional expiration.  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/issuedApiKeys {   \&quot;name\&quot;: \&quot;production-service\&quot;,   \&quot;actor_id\&quot;: \&quot;user_123\&quot;,   \&quot;scopes\&quot;: [\&quot;read\&quot;, \&quot;write\&quot;],   \&quot;ttl\&quot;: \&quot;8760h\&quot; } &#x60;&#x60;&#x60;
+    # @param issue_api_key_request [IssueAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(IssueAPIKeyResponse, Integer, Hash)>] IssueAPIKeyResponse data, response status code and response headers
+    def admin_issue_api_key_with_http_info(issue_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_issue_api_key ...'
+      end
+      # verify the required parameter 'issue_api_key_request' is set
+      if @api_client.config.client_side_validation && issue_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'issue_api_key_request' when calling APIKeysApi.admin_issue_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/issuedApiKeys'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(issue_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'IssueAPIKeyResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_issue_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_issue_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # List Imported API Keys
+    # Lists all imported keys with filtering. Returns imported keys only (not issued keys). Supports pagination and AIP-160 filter expressions.  ```http GET /v2alpha1/admin/importedApiKeys?page_size=50&filter=status%3DKEY_STATUS_ACTIVE ```
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :page_size Number of items per page (default: 50, max: 1000)
+    # @option opts [String] :page_token Cursor token for pagination (OPTIONAL)
+    # @option opts [String] :filter filter is an AIP-160 expression. Indexed fields (efficient at any scale):   actor_id, status. Other fields are not indexed and may be rejected. Examples:   actor_id&#x3D;\&quot;user_123\&quot;   status&#x3D;KEY_STATUS_ACTIVE   actor_id&#x3D;\&quot;user_123\&quot; AND status&#x3D;KEY_STATUS_ACTIVE
+    # @return [ListImportedAPIKeysResponse]
+    def admin_list_imported_api_keys(opts = {})
+      data, _status_code, _headers = admin_list_imported_api_keys_with_http_info(opts)
+      data
+    end
+
+    # List Imported API Keys
+    # Lists all imported keys with filtering. Returns imported keys only (not issued keys). Supports pagination and AIP-160 filter expressions.  &#x60;&#x60;&#x60;http GET /v2alpha1/admin/importedApiKeys?page_size&#x3D;50&amp;filter&#x3D;status%3DKEY_STATUS_ACTIVE &#x60;&#x60;&#x60;
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :page_size Number of items per page (default: 50, max: 1000)
+    # @option opts [String] :page_token Cursor token for pagination (OPTIONAL)
+    # @option opts [String] :filter filter is an AIP-160 expression. Indexed fields (efficient at any scale):   actor_id, status. Other fields are not indexed and may be rejected. Examples:   actor_id&#x3D;\&quot;user_123\&quot;   status&#x3D;KEY_STATUS_ACTIVE   actor_id&#x3D;\&quot;user_123\&quot; AND status&#x3D;KEY_STATUS_ACTIVE
+    # @return [Array<(ListImportedAPIKeysResponse, Integer, Hash)>] ListImportedAPIKeysResponse data, response status code and response headers
+    def admin_list_imported_api_keys_with_http_info(opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_list_imported_api_keys ...'
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'page_size'] = opts[:'page_size'] if !opts[:'page_size'].nil?
+      query_params[:'page_token'] = opts[:'page_token'] if !opts[:'page_token'].nil?
+      query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ListImportedAPIKeysResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_list_imported_api_keys",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_list_imported_api_keys\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # List Issued API Keys
+    # Lists issued API keys with optional filtering. Supports cursor-based pagination and AIP-160 filter expressions. Returns only issued (generated) API keys; use ListImportedAPIKeys for imported keys.  ```http GET /v2alpha1/admin/issuedApiKeys?page_size=50&filter=actor_id%3D%22user_123%22 ```
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :page_size Number of items per page (default: 50, max: 1000)
+    # @option opts [String] :page_token Cursor token for pagination
+    # @option opts [String] :filter filter is an AIP-160 expression. Indexed fields (efficient at any scale):   actor_id, status. Other fields are not indexed and may be rejected. Examples:   actor_id&#x3D;\&quot;user_123\&quot;   status&#x3D;KEY_STATUS_ACTIVE   actor_id&#x3D;\&quot;user_123\&quot; AND status&#x3D;KEY_STATUS_ACTIVE
+    # @return [ListIssuedAPIKeysResponse]
+    def admin_list_issued_api_keys(opts = {})
+      data, _status_code, _headers = admin_list_issued_api_keys_with_http_info(opts)
+      data
+    end
+
+    # List Issued API Keys
+    # Lists issued API keys with optional filtering. Supports cursor-based pagination and AIP-160 filter expressions. Returns only issued (generated) API keys; use ListImportedAPIKeys for imported keys.  &#x60;&#x60;&#x60;http GET /v2alpha1/admin/issuedApiKeys?page_size&#x3D;50&amp;filter&#x3D;actor_id%3D%22user_123%22 &#x60;&#x60;&#x60;
+    # @param [Hash] opts the optional parameters
+    # @option opts [Integer] :page_size Number of items per page (default: 50, max: 1000)
+    # @option opts [String] :page_token Cursor token for pagination
+    # @option opts [String] :filter filter is an AIP-160 expression. Indexed fields (efficient at any scale):   actor_id, status. Other fields are not indexed and may be rejected. Examples:   actor_id&#x3D;\&quot;user_123\&quot;   status&#x3D;KEY_STATUS_ACTIVE   actor_id&#x3D;\&quot;user_123\&quot; AND status&#x3D;KEY_STATUS_ACTIVE
+    # @return [Array<(ListIssuedAPIKeysResponse, Integer, Hash)>] ListIssuedAPIKeysResponse data, response status code and response headers
+    def admin_list_issued_api_keys_with_http_info(opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_list_issued_api_keys ...'
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/issuedApiKeys'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'page_size'] = opts[:'page_size'] if !opts[:'page_size'].nil?
+      query_params[:'page_token'] = opts[:'page_token'] if !opts[:'page_token'].nil?
+      query_params[:'filter'] = opts[:'filter'] if !opts[:'filter'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body]
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ListIssuedAPIKeysResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_list_issued_api_keys",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_list_issued_api_keys\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Revoke API Key
+    # Immediately revokes an API key (issued or imported). Once revoked, the key can no longer be used for authentication. This operation is irreversible. Revoked keys are retained for audit purposes.  ```http POST /v2alpha1/admin/apiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ:revoke {   \"reason\": \"REVOCATION_REASON_KEY_COMPROMISE\" } ```
+    # @param key_id [String] Identifier of the API key resource.
+    # @param admin_revoke_api_key_body [AdminRevokeAPIKeyBody] 
+    # @param [Hash] opts the optional parameters
+    # @return [Object]
+    def admin_revoke_api_key(key_id, admin_revoke_api_key_body, opts = {})
+      data, _status_code, _headers = admin_revoke_api_key_with_http_info(key_id, admin_revoke_api_key_body, opts)
+      data
+    end
+
+    # Revoke API Key
+    # Immediately revokes an API key (issued or imported). Once revoked, the key can no longer be used for authentication. This operation is irreversible. Revoked keys are retained for audit purposes.  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/apiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ:revoke {   \&quot;reason\&quot;: \&quot;REVOCATION_REASON_KEY_COMPROMISE\&quot; } &#x60;&#x60;&#x60;
+    # @param key_id [String] Identifier of the API key resource.
+    # @param admin_revoke_api_key_body [AdminRevokeAPIKeyBody] 
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(Object, Integer, Hash)>] Object data, response status code and response headers
+    def admin_revoke_api_key_with_http_info(key_id, admin_revoke_api_key_body, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_revoke_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_revoke_api_key"
+      end
+      # verify the required parameter 'admin_revoke_api_key_body' is set
+      if @api_client.config.client_side_validation && admin_revoke_api_key_body.nil?
+        fail ArgumentError, "Missing the required parameter 'admin_revoke_api_key_body' when calling APIKeysApi.admin_revoke_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/apiKeys/{key_id}:revoke'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(admin_revoke_api_key_body)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'Object'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_revoke_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_revoke_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Rotate Issued API Key
+    # Generates a new secret for an issued API key. Creates a new API key with a new key_id and secret, and immediately revokes the old key. This is the recommended way to update scopes, metadata, or rotate credentials.  For zero-downtime rotation, use this workflow instead:   1. IssueAPIKey with new credentials   2. Deploy new secret to all services   3. Verify new secret works everywhere   4. RevokeAPIKey to remove the old key  ```http POST /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ:rotate {   \"scopes\": [\"read\"] } ```
+    # @param key_id [String] key_id is the ID of the existing API key to rotate
+    # @param admin_rotate_issued_api_key_body [AdminRotateIssuedAPIKeyBody] 
+    # @param [Hash] opts the optional parameters
+    # @return [RotateIssuedAPIKeyResponse]
+    def admin_rotate_issued_api_key(key_id, admin_rotate_issued_api_key_body, opts = {})
+      data, _status_code, _headers = admin_rotate_issued_api_key_with_http_info(key_id, admin_rotate_issued_api_key_body, opts)
+      data
+    end
+
+    # Rotate Issued API Key
+    # Generates a new secret for an issued API key. Creates a new API key with a new key_id and secret, and immediately revokes the old key. This is the recommended way to update scopes, metadata, or rotate credentials.  For zero-downtime rotation, use this workflow instead:   1. IssueAPIKey with new credentials   2. Deploy new secret to all services   3. Verify new secret works everywhere   4. RevokeAPIKey to remove the old key  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ:rotate {   \&quot;scopes\&quot;: [\&quot;read\&quot;] } &#x60;&#x60;&#x60;
+    # @param key_id [String] key_id is the ID of the existing API key to rotate
+    # @param admin_rotate_issued_api_key_body [AdminRotateIssuedAPIKeyBody] 
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(RotateIssuedAPIKeyResponse, Integer, Hash)>] RotateIssuedAPIKeyResponse data, response status code and response headers
+    def admin_rotate_issued_api_key_with_http_info(key_id, admin_rotate_issued_api_key_body, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_rotate_issued_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_rotate_issued_api_key"
+      end
+      # verify the required parameter 'admin_rotate_issued_api_key_body' is set
+      if @api_client.config.client_side_validation && admin_rotate_issued_api_key_body.nil?
+        fail ArgumentError, "Missing the required parameter 'admin_rotate_issued_api_key_body' when calling APIKeysApi.admin_rotate_issued_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/issuedApiKeys/{key_id}:rotate'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(admin_rotate_issued_api_key_body)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'RotateIssuedAPIKeyResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_rotate_issued_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_rotate_issued_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Update Imported API Key
+    # Updates metadata, scopes, or rate limits of an imported key. Supports partial updates via the update_mask query parameter (AIP-134). Omitting update_mask is equivalent to a mask of every populated field in the body. To clear a field to its zero value, list it explicitly in update_mask and leave it unset (or empty) in the body.  ```http PATCH /v2alpha1/admin/importedApiKeys/{key_id}?update_mask=name {   \"imported_api_key\": {     \"key_id\": \"{key_id}\",     \"name\": \"New name\"   } } ```
+    # @param key_id [String] SHA-512/256 hash of credential
+    # @param admin_update_imported_api_key_request [AdminUpdateImportedAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :update_mask The list of fields to update. See AIP-134.
+    # @return [ImportedAPIKey]
+    def admin_update_imported_api_key(key_id, admin_update_imported_api_key_request, opts = {})
+      data, _status_code, _headers = admin_update_imported_api_key_with_http_info(key_id, admin_update_imported_api_key_request, opts)
+      data
+    end
+
+    # Update Imported API Key
+    # Updates metadata, scopes, or rate limits of an imported key. Supports partial updates via the update_mask query parameter (AIP-134). Omitting update_mask is equivalent to a mask of every populated field in the body. To clear a field to its zero value, list it explicitly in update_mask and leave it unset (or empty) in the body.  &#x60;&#x60;&#x60;http PATCH /v2alpha1/admin/importedApiKeys/{key_id}?update_mask&#x3D;name {   \&quot;imported_api_key\&quot;: {     \&quot;key_id\&quot;: \&quot;{key_id}\&quot;,     \&quot;name\&quot;: \&quot;New name\&quot;   } } &#x60;&#x60;&#x60;
+    # @param key_id [String] SHA-512/256 hash of credential
+    # @param admin_update_imported_api_key_request [AdminUpdateImportedAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :update_mask The list of fields to update. See AIP-134.
+    # @return [Array<(ImportedAPIKey, Integer, Hash)>] ImportedAPIKey data, response status code and response headers
+    def admin_update_imported_api_key_with_http_info(key_id, admin_update_imported_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_update_imported_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_update_imported_api_key"
+      end
+      # verify the required parameter 'admin_update_imported_api_key_request' is set
+      if @api_client.config.client_side_validation && admin_update_imported_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'admin_update_imported_api_key_request' when calling APIKeysApi.admin_update_imported_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/importedApiKeys/{key_id}'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'update_mask'] = opts[:'update_mask'] if !opts[:'update_mask'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(admin_update_imported_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'ImportedAPIKey'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_update_imported_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_update_imported_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Update Issued API Key
+    # Updates metadata, scopes, or rate limits of an issued key without rotating the secret. Use RotateIssuedAPIKey to change the secret.  Follows AIP-134: the request body is the IssuedAPIKey resource itself, and the update_mask query parameter names the subset of fields to apply. Omitting update_mask is equivalent to a mask of every populated field in the body. To clear a field to its zero value, list it explicitly in update_mask and leave it unset (or empty) in the body.  ```http PATCH /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ?update_mask=scopes {   \"issued_api_key\": {     \"key_id\": \"01HQZX9VYQKJB8XQZQXQZQXQXQ\",     \"scopes\": [\"read\"]   } } ```
+    # @param key_id [String] Identifier of the API key resource.
+    # @param admin_update_issued_api_key_request [AdminUpdateIssuedAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :update_mask The list of fields to update. See AIP-134.
+    # @return [IssuedAPIKey]
+    def admin_update_issued_api_key(key_id, admin_update_issued_api_key_request, opts = {})
+      data, _status_code, _headers = admin_update_issued_api_key_with_http_info(key_id, admin_update_issued_api_key_request, opts)
+      data
+    end
+
+    # Update Issued API Key
+    # Updates metadata, scopes, or rate limits of an issued key without rotating the secret. Use RotateIssuedAPIKey to change the secret.  Follows AIP-134: the request body is the IssuedAPIKey resource itself, and the update_mask query parameter names the subset of fields to apply. Omitting update_mask is equivalent to a mask of every populated field in the body. To clear a field to its zero value, list it explicitly in update_mask and leave it unset (or empty) in the body.  &#x60;&#x60;&#x60;http PATCH /v2alpha1/admin/issuedApiKeys/01HQZX9VYQKJB8XQZQXQZQXQXQ?update_mask&#x3D;scopes {   \&quot;issued_api_key\&quot;: {     \&quot;key_id\&quot;: \&quot;01HQZX9VYQKJB8XQZQXQZQXQXQ\&quot;,     \&quot;scopes\&quot;: [\&quot;read\&quot;]   } } &#x60;&#x60;&#x60;
+    # @param key_id [String] Identifier of the API key resource.
+    # @param admin_update_issued_api_key_request [AdminUpdateIssuedAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :update_mask The list of fields to update. See AIP-134.
+    # @return [Array<(IssuedAPIKey, Integer, Hash)>] IssuedAPIKey data, response status code and response headers
+    def admin_update_issued_api_key_with_http_info(key_id, admin_update_issued_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_update_issued_api_key ...'
+      end
+      # verify the required parameter 'key_id' is set
+      if @api_client.config.client_side_validation && key_id.nil?
+        fail ArgumentError, "Missing the required parameter 'key_id' when calling APIKeysApi.admin_update_issued_api_key"
+      end
+      # verify the required parameter 'admin_update_issued_api_key_request' is set
+      if @api_client.config.client_side_validation && admin_update_issued_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'admin_update_issued_api_key_request' when calling APIKeysApi.admin_update_issued_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/issuedApiKeys/{key_id}'.sub('{' + 'key_id' + '}', CGI.escape(key_id.to_s))
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+      query_params[:'update_mask'] = opts[:'update_mask'] if !opts[:'update_mask'].nil?
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(admin_update_issued_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'IssuedAPIKey'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_update_issued_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:PATCH, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_update_issued_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Verify API Key
+    # Verifies a single API key or derived token. Validates the credential's signature, expiration, and revocation status. Works with any credential type (issued keys, imported keys, JWT, macaroon). The verification result includes decoded claims and metadata — admin access only.  Cache Control (HTTP Headers):   - Cache-Control: no-cache  - Bypasses cache read, forces fresh DB lookup   - Cache-Control: no-store  - Bypasses cache read AND write (never cached)   - Pragma: no-cache         - Same as Cache-Control: no-cache (HTTP/1.0)  ```http POST /v2alpha1/admin/apiKeys:verify {   \"credential\": \"sk_live_abc123...\" } ```
+    # @param verify_api_key_request [VerifyAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :cache_control Cache-directive controlling the verifier cache. &#x60;no-cache&#x60; forces a fresh database lookup (cache read is bypassed). &#x60;no-store&#x60; additionally prevents the result from being written to the cache. Any other value is ignored.
+    # @option opts [String] :pragma HTTP/1.0 alias for &#x60;Cache-Control: no-cache&#x60;. Behaves identically when set to &#x60;no-cache&#x60;; ignored otherwise.
+    # @return [VerifyAPIKeyResponse]
+    def admin_verify_api_key(verify_api_key_request, opts = {})
+      data, _status_code, _headers = admin_verify_api_key_with_http_info(verify_api_key_request, opts)
+      data
+    end
+
+    # Verify API Key
+    # Verifies a single API key or derived token. Validates the credential&#39;s signature, expiration, and revocation status. Works with any credential type (issued keys, imported keys, JWT, macaroon). The verification result includes decoded claims and metadata — admin access only.  Cache Control (HTTP Headers):   - Cache-Control: no-cache  - Bypasses cache read, forces fresh DB lookup   - Cache-Control: no-store  - Bypasses cache read AND write (never cached)   - Pragma: no-cache         - Same as Cache-Control: no-cache (HTTP/1.0)  &#x60;&#x60;&#x60;http POST /v2alpha1/admin/apiKeys:verify {   \&quot;credential\&quot;: \&quot;sk_live_abc123...\&quot; } &#x60;&#x60;&#x60;
+    # @param verify_api_key_request [VerifyAPIKeyRequest] 
+    # @param [Hash] opts the optional parameters
+    # @option opts [String] :cache_control Cache-directive controlling the verifier cache. &#x60;no-cache&#x60; forces a fresh database lookup (cache read is bypassed). &#x60;no-store&#x60; additionally prevents the result from being written to the cache. Any other value is ignored.
+    # @option opts [String] :pragma HTTP/1.0 alias for &#x60;Cache-Control: no-cache&#x60;. Behaves identically when set to &#x60;no-cache&#x60;; ignored otherwise.
+    # @return [Array<(VerifyAPIKeyResponse, Integer, Hash)>] VerifyAPIKeyResponse data, response status code and response headers
+    def admin_verify_api_key_with_http_info(verify_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.admin_verify_api_key ...'
+      end
+      # verify the required parameter 'verify_api_key_request' is set
+      if @api_client.config.client_side_validation && verify_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'verify_api_key_request' when calling APIKeysApi.admin_verify_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/admin/apiKeys:verify'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+      header_params[:'Cache-Control'] = opts[:'cache_control'] if !opts[:'cache_control'].nil?
+      header_params[:'Pragma'] = opts[:'pragma'] if !opts[:'pragma'].nil?
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(verify_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'VerifyAPIKeyResponse'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || ['oryAccessToken']
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.admin_verify_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#admin_verify_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+
+    # Revoke API Key (self-service)
+    # Proof-of-possession variant of revocation. Lives alongside `AdminRevokeAPIKey` in this service; the `Self*` prefix on the request/response messages disambiguates from the admin variant's `RevokeAPIKeyRequest`.  Allows an API key holder to revoke their own key. The caller must provide the full API key secret as proof of possession. Supports issued API keys and imported keys. JWT and macaroon tokens cannot be self-revoked (they are stateless).  The PRIVILEGE_WITHDRAWN reason is not allowed for self-revocation (admin-only).  ```http POST /v2alpha1/apiKeys:selfRevoke {   \"credential\": \"sk_live_abc123...\",   \"reason\": \"REVOCATION_REASON_KEY_COMPROMISE\" } ```
+    # @param self_revoke_api_key_request [SelfRevokeAPIKeyRequest] SelfRevokeAPIKeyRequest allows an API key holder to revoke their own key by providing the full key secret as proof of possession.
+    # @param [Hash] opts the optional parameters
+    # @return [Object]
+    def revoke_api_key(self_revoke_api_key_request, opts = {})
+      data, _status_code, _headers = revoke_api_key_with_http_info(self_revoke_api_key_request, opts)
+      data
+    end
+
+    # Revoke API Key (self-service)
+    # Proof-of-possession variant of revocation. Lives alongside &#x60;AdminRevokeAPIKey&#x60; in this service; the &#x60;Self*&#x60; prefix on the request/response messages disambiguates from the admin variant&#39;s &#x60;RevokeAPIKeyRequest&#x60;.  Allows an API key holder to revoke their own key. The caller must provide the full API key secret as proof of possession. Supports issued API keys and imported keys. JWT and macaroon tokens cannot be self-revoked (they are stateless).  The PRIVILEGE_WITHDRAWN reason is not allowed for self-revocation (admin-only).  &#x60;&#x60;&#x60;http POST /v2alpha1/apiKeys:selfRevoke {   \&quot;credential\&quot;: \&quot;sk_live_abc123...\&quot;,   \&quot;reason\&quot;: \&quot;REVOCATION_REASON_KEY_COMPROMISE\&quot; } &#x60;&#x60;&#x60;
+    # @param self_revoke_api_key_request [SelfRevokeAPIKeyRequest] SelfRevokeAPIKeyRequest allows an API key holder to revoke their own key by providing the full key secret as proof of possession.
+    # @param [Hash] opts the optional parameters
+    # @return [Array<(Object, Integer, Hash)>] Object data, response status code and response headers
+    def revoke_api_key_with_http_info(self_revoke_api_key_request, opts = {})
+      if @api_client.config.debugging
+        @api_client.config.logger.debug 'Calling API: APIKeysApi.revoke_api_key ...'
+      end
+      # verify the required parameter 'self_revoke_api_key_request' is set
+      if @api_client.config.client_side_validation && self_revoke_api_key_request.nil?
+        fail ArgumentError, "Missing the required parameter 'self_revoke_api_key_request' when calling APIKeysApi.revoke_api_key"
+      end
+      # resource path
+      local_var_path = '/v2alpha1/apiKeys:selfRevoke'
+
+      # query parameters
+      query_params = opts[:query_params] || {}
+
+      # header parameters
+      header_params = opts[:header_params] || {}
+      # HTTP header 'Accept' (if needed)
+      header_params['Accept'] = @api_client.select_header_accept(['application/json']) unless header_params['Accept']
+      # HTTP header 'Content-Type'
+      content_type = @api_client.select_header_content_type(['application/json'])
+      if !content_type.nil?
+          header_params['Content-Type'] = content_type
+      end
+
+      # form parameters
+      form_params = opts[:form_params] || {}
+
+      # http body (model)
+      post_body = opts[:debug_body] || @api_client.object_to_http_body(self_revoke_api_key_request)
+
+      # return_type
+      return_type = opts[:debug_return_type] || 'Object'
+
+      # auth_names
+      auth_names = opts[:debug_auth_names] || []
+
+      new_options = opts.merge(
+        :operation => :"APIKeysApi.revoke_api_key",
+        :header_params => header_params,
+        :query_params => query_params,
+        :form_params => form_params,
+        :body => post_body,
+        :auth_names => auth_names,
+        :return_type => return_type
+      )
+
+      data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
+      if @api_client.config.debugging
+        @api_client.config.logger.debug "API called: APIKeysApi#revoke_api_key\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
+      end
+      return data, status_code, headers
+    end
+  end
+end