@unkey/api 0.22.0 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +2160 -481
  2. package/dist/index.d.ts +2160 -481
  3. package/dist/index.js +1 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +1 -1
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +3 -3
package/dist/index.d.ts CHANGED
@@ -37,6 +37,24 @@ interface paths {
37
37
  "/v1/keys.getVerifications": {
38
38
  get: operations["getVerifications"];
39
39
  };
40
+ "/v1/keys.addPermissions": {
41
+ post: operations["addPermissions"];
42
+ };
43
+ "/v1/keys.removePermissions": {
44
+ post: operations["removePermissions"];
45
+ };
46
+ "/v1/keys.setPermissions": {
47
+ post: operations["setPermissions"];
48
+ };
49
+ "/v1/keys.addRoles": {
50
+ post: operations["addRoles"];
51
+ };
52
+ "/v1/keys.removeRoles": {
53
+ post: operations["removeRoles"];
54
+ };
55
+ "/v1/keys.setRoles": {
56
+ post: operations["setRoles"];
57
+ };
40
58
  "/v1/apis.getApi": {
41
59
  get: operations["getApi"];
42
60
  };
@@ -61,6 +79,45 @@ interface paths {
61
79
  "/v1/migrations.enqueueKeys": {
62
80
  post: operations["v1.migrations.enqueueKeys"];
63
81
  };
82
+ "/v1/permissions.createPermission": {
83
+ post: operations["createPermission"];
84
+ };
85
+ "/v1/permissions.deletePermission": {
86
+ post: operations["deletePermission"];
87
+ };
88
+ "/v1/permissions.getPermission": {
89
+ get: operations["getPermission"];
90
+ };
91
+ "/v1/permissions.listPermissions": {
92
+ get: operations["listPermissions"];
93
+ };
94
+ "/v1/permissions.createRole": {
95
+ post: operations["createRole"];
96
+ };
97
+ "/v1/permissions.deleteRole": {
98
+ post: operations["deleteRole"];
99
+ };
100
+ "/v1/permissions.getRole": {
101
+ get: operations["getRole"];
102
+ };
103
+ "/v1/permissions.listRoles": {
104
+ get: operations["listRoles"];
105
+ };
106
+ "/v1/identities.createIdentity": {
107
+ post: operations["createIdentity"];
108
+ };
109
+ "/v1/identities.getIdentity": {
110
+ get: operations["getIdentity"];
111
+ };
112
+ "/v1/identities.listIdentities": {
113
+ get: operations["listIdentities"];
114
+ };
115
+ "/v1/identities.updateIdentity": {
116
+ post: operations["updateIdentity"];
117
+ };
118
+ "/v1/identities.deleteIdentity": {
119
+ post: operations["deleteeIdentity"];
120
+ };
64
121
  "/v1/keys": {
65
122
  post: operations["deprecated.createKey"];
66
123
  };
@@ -412,7 +469,7 @@ interface components {
412
469
  */
413
470
  expires?: number;
414
471
  /**
415
- * @description Multi ratelimits TODO:
472
+ * @description The ratelimit configuration for this key. If this field is null or undefined, the key has no ratelimit.
416
473
  * @example {
417
474
  * "limit": 10,
418
475
  * "remaining": 9,
@@ -452,10 +509,11 @@ interface components {
452
509
  * - UNAUTHORIZED: the key is not authorized
453
510
  * - DISABLED: the key is disabled
454
511
  * - INSUFFICIENT_PERMISSIONS: you do not have the required permissions to perform this action
512
+ * - EXPIRED: The key was only valid for a certain time and has expired.
455
513
  *
456
514
  * @enum {string}
457
515
  */
458
- code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
516
+ code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
459
517
  /** @description Sets the key to be enabled or disabled. Disabled keys will not verify. */
460
518
  enabled?: boolean;
461
519
  /**
@@ -471,6 +529,14 @@ interface components {
471
529
  * @example test
472
530
  */
473
531
  environment?: string;
532
+ /** @description The associated identity of this key. */
533
+ identity?: {
534
+ id: string;
535
+ externalId: string;
536
+ meta: {
537
+ [key: string]: unknown;
538
+ };
539
+ };
474
540
  };
475
541
  /** @description A query for which permissions you require */
476
542
  PermissionQuery: OneOf<[string, {
@@ -494,6 +560,10 @@ interface components {
494
560
  authorization?: {
495
561
  permissions?: components["schemas"]["PermissionQuery"];
496
562
  };
563
+ /**
564
+ * @deprecated
565
+ * @description Use 'ratelimits' with `[{ name: "default", cost: 2}]`
566
+ */
497
567
  ratelimit?: {
498
568
  /**
499
569
  * @description Override how many tokens are deducted during the ratelimit operation.
@@ -501,9 +571,25 @@ interface components {
501
571
  */
502
572
  cost?: number;
503
573
  };
574
+ /**
575
+ * @description You can check against multiple ratelimits when verifying a key. Let's say you are building an app that uses AI under the hood and you want to limit your customers to 500 requests per hour, but also ensure they use up less than 20k tokens per day.
576
+ *
577
+ * @example [
578
+ * {
579
+ * "name": "requests",
580
+ * "limit": 500,
581
+ * "duration": 3600000
582
+ * },
583
+ * {
584
+ * "name": "tokens",
585
+ * "limit": 20000,
586
+ * "duration": 86400000
587
+ * }
588
+ * ]
589
+ */
504
590
  ratelimits?: {
505
591
  /**
506
- * @description The name of the ratelimit
592
+ * @description The name of the ratelimit.
507
593
  * @example tokens
508
594
  */
509
595
  name: string;
@@ -512,11 +598,6 @@ interface components {
512
598
  * @default 1
513
599
  */
514
600
  cost?: number;
515
- /**
516
- * @description The identifier used for ratelimiting. If omitted, we use the key's id.
517
- * @default key id
518
- */
519
- identifier?: string;
520
601
  /** @description Optionally override the limit. */
521
602
  limit?: number;
522
603
  /** @description Optionally override the ratelimit window duration. */
@@ -756,11 +837,17 @@ interface operations {
756
837
  */
757
838
  byteLength?: number;
758
839
  /**
759
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
760
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
840
+ * @deprecated
841
+ * @description Deprecated, use `externalId`
761
842
  * @example team_123
762
843
  */
763
844
  ownerId?: string;
845
+ /**
846
+ * @description Your user's Id. This will provide a link between Unkey and your customer record.
847
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
848
+ * @example team_123
849
+ */
850
+ externalId?: string;
764
851
  /**
765
852
  * @description This is a place for dynamic meta data, anything that feels useful for you should go here
766
853
  * @example {
@@ -1041,24 +1128,33 @@ interface operations {
1041
1128
  /**
1042
1129
  * @deprecated
1043
1130
  * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
1131
+ * Deprecated, use 'async' instead
1044
1132
  * @enum {string}
1045
1133
  */
1046
1134
  type?: "fast" | "consistent";
1047
1135
  /**
1048
- * @description Asnyc ratelimiting doesn't add latency, while sync ratelimiting is more accurate.
1136
+ * @description Asnyc ratelimiting doesn't add latency, while sync ratelimiting is slightly more accurate.
1049
1137
  * @default false
1050
1138
  */
1051
1139
  async?: boolean;
1052
- /** @description The total amount of burstable requests. */
1140
+ /** @description The total amount of requests allowed in a single window. */
1053
1141
  limit: number;
1054
1142
  /**
1055
1143
  * @deprecated
1056
1144
  * @description How many tokens to refill during each refillInterval.
1145
+ * Deprecated, use 'limit' instead.
1057
1146
  */
1058
1147
  refillRate?: number;
1059
- /** @description Determines the speed at which tokens are refilled, in milliseconds. */
1060
- refillInterval: number;
1061
- /** @description The duration of each ratelimit window, in milliseconds. */
1148
+ /**
1149
+ * @deprecated
1150
+ * @description Determines the speed at which tokens are refilled, in milliseconds.
1151
+ * Deprecated, use 'duration'
1152
+ */
1153
+ refillInterval?: number;
1154
+ /**
1155
+ * @description The duration of each ratelimit window, in milliseconds.
1156
+ * This field will become required in a future version.
1157
+ */
1062
1158
  duration?: number;
1063
1159
  }) | null;
1064
1160
  /**
@@ -1087,6 +1183,60 @@ interface operations {
1087
1183
  * @example true
1088
1184
  */
1089
1185
  enabled?: boolean;
1186
+ /**
1187
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1188
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1189
+ * @example [
1190
+ * {
1191
+ * "id": "perm_123"
1192
+ * },
1193
+ * {
1194
+ * "name": "dns.record.create"
1195
+ * },
1196
+ * {
1197
+ * "name": "dns.record.delete",
1198
+ * "create": true
1199
+ * }
1200
+ * ]
1201
+ */
1202
+ roles?: {
1203
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1204
+ id?: string;
1205
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1206
+ name?: string;
1207
+ /**
1208
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1209
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1210
+ */
1211
+ create?: boolean;
1212
+ }[];
1213
+ /**
1214
+ * @description The permissions you want to set for this key. This overwrites all existing permissions.
1215
+ * Setting permissions requires the `rbac.*.add_permission_to_key` permission.
1216
+ * @example [
1217
+ * {
1218
+ * "id": "perm_123"
1219
+ * },
1220
+ * {
1221
+ * "name": "dns.record.create"
1222
+ * },
1223
+ * {
1224
+ * "name": "dns.record.delete",
1225
+ * "create": true
1226
+ * }
1227
+ * ]
1228
+ */
1229
+ permissions?: {
1230
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1231
+ id?: string;
1232
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1233
+ name?: string;
1234
+ /**
1235
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1236
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1237
+ */
1238
+ create?: boolean;
1239
+ }[];
1090
1240
  };
1091
1241
  };
1092
1242
  };
@@ -1304,33 +1454,43 @@ interface operations {
1304
1454
  };
1305
1455
  };
1306
1456
  };
1307
- getApi: {
1308
- parameters: {
1309
- query: {
1310
- apiId: string;
1457
+ addPermissions: {
1458
+ requestBody: {
1459
+ content: {
1460
+ "application/json": {
1461
+ /** @description The id of the key. */
1462
+ keyId: string;
1463
+ /** @description The permissions you want to add to this key */
1464
+ permissions: {
1465
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1466
+ id?: string;
1467
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1468
+ name?: string;
1469
+ /**
1470
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1471
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1472
+ */
1473
+ create?: boolean;
1474
+ }[];
1475
+ };
1311
1476
  };
1312
1477
  };
1313
1478
  responses: {
1314
- /** @description The configuration for an api */
1479
+ /** @description All currently connected permissions */
1315
1480
  200: {
1316
1481
  content: {
1317
1482
  "application/json": {
1318
- /**
1319
- * @description The id of the key
1320
- * @example key_1234
1321
- */
1322
- id: string;
1323
- /**
1324
- * @description The id of the workspace that owns the api
1325
- * @example ws_1234
1326
- */
1327
- workspaceId: string;
1328
- /**
1329
- * @description The name of the api. This is internal and your users will not see this.
1330
- * @example Unkey - Production
1331
- */
1332
- name?: string;
1333
- };
1483
+ /**
1484
+ * @description The id of the permission. This is used internally
1485
+ * @example perm_123
1486
+ */
1487
+ id: string;
1488
+ /**
1489
+ * @description The name of the permission
1490
+ * @example dns.record.create
1491
+ */
1492
+ name: string;
1493
+ }[];
1334
1494
  };
1335
1495
  };
1336
1496
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1377,29 +1537,37 @@ interface operations {
1377
1537
  };
1378
1538
  };
1379
1539
  };
1380
- createApi: {
1540
+ removePermissions: {
1381
1541
  requestBody: {
1382
1542
  content: {
1383
1543
  "application/json": {
1544
+ /** @description The id of the key. */
1545
+ keyId: string;
1384
1546
  /**
1385
- * @description The name for your API. This is not customer facing.
1386
- * @example my-api
1547
+ * @description The permissions you want to remove from this key.
1548
+ * @example [
1549
+ * {
1550
+ * "id": "perm_123"
1551
+ * },
1552
+ * {
1553
+ * "name": "dns.record.create"
1554
+ * }
1555
+ * ]
1387
1556
  */
1388
- name: string;
1557
+ permissions: {
1558
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1559
+ id?: string;
1560
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1561
+ name?: string;
1562
+ }[];
1389
1563
  };
1390
1564
  };
1391
1565
  };
1392
1566
  responses: {
1393
- /** @description The configuration for an api */
1567
+ /** @description Success */
1394
1568
  200: {
1395
1569
  content: {
1396
- "application/json": {
1397
- /**
1398
- * @description The id of the api
1399
- * @example api_134
1400
- */
1401
- apiId: string;
1402
- };
1570
+ "application/json": Record<string, never>;
1403
1571
  };
1404
1572
  };
1405
1573
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1446,30 +1614,58 @@ interface operations {
1446
1614
  };
1447
1615
  };
1448
1616
  };
1449
- listKeys: {
1450
- parameters: {
1451
- query: {
1452
- apiId: string;
1453
- limit?: number;
1454
- cursor?: string;
1455
- ownerId?: string;
1456
- decrypt?: boolean | null;
1617
+ setPermissions: {
1618
+ requestBody: {
1619
+ content: {
1620
+ "application/json": {
1621
+ /** @description The id of the key. */
1622
+ keyId: string;
1623
+ /**
1624
+ * @description The permissions you want to set for this key. This overwrites all existing permissions.
1625
+ * Setting permissions requires the `rbac.*.add_permission_to_key` permission.
1626
+ * @example [
1627
+ * {
1628
+ * "id": "perm_123"
1629
+ * },
1630
+ * {
1631
+ * "name": "dns.record.create"
1632
+ * },
1633
+ * {
1634
+ * "name": "dns.record.delete",
1635
+ * "create": true
1636
+ * }
1637
+ * ]
1638
+ */
1639
+ permissions: {
1640
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1641
+ id?: string;
1642
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1643
+ name?: string;
1644
+ /**
1645
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1646
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1647
+ */
1648
+ create?: boolean;
1649
+ }[];
1650
+ };
1457
1651
  };
1458
1652
  };
1459
1653
  responses: {
1460
- /** @description The configuration for an api */
1654
+ /** @description All currently connected permissions */
1461
1655
  200: {
1462
1656
  content: {
1463
1657
  "application/json": {
1464
- keys: components["schemas"]["Key"][];
1465
- /**
1466
- * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
1467
- * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1468
- */
1469
- cursor?: string;
1470
- /** @description The total number of keys for this api */
1471
- total: number;
1472
- };
1658
+ /**
1659
+ * @description The id of the permission. This is used internally
1660
+ * @example perm_123
1661
+ */
1662
+ id: string;
1663
+ /**
1664
+ * @description The name of the permission
1665
+ * @example dns.record.create
1666
+ */
1667
+ name: string;
1668
+ }[];
1473
1669
  };
1474
1670
  };
1475
1671
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1516,23 +1712,58 @@ interface operations {
1516
1712
  };
1517
1713
  };
1518
1714
  };
1519
- deleteApi: {
1715
+ addRoles: {
1520
1716
  requestBody: {
1521
1717
  content: {
1522
1718
  "application/json": {
1719
+ /** @description The id of the key. */
1720
+ keyId: string;
1523
1721
  /**
1524
- * @description The id of the api to delete
1525
- * @example api_1234
1722
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1723
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1724
+ * @example [
1725
+ * {
1726
+ * "id": "role_123"
1727
+ * },
1728
+ * {
1729
+ * "name": "dns.record.create"
1730
+ * },
1731
+ * {
1732
+ * "name": "dns.record.delete",
1733
+ * "create": true
1734
+ * }
1735
+ * ]
1526
1736
  */
1527
- apiId: string;
1737
+ roles: {
1738
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1739
+ id?: string;
1740
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1741
+ name?: string;
1742
+ /**
1743
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1744
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1745
+ */
1746
+ create?: boolean;
1747
+ }[];
1528
1748
  };
1529
1749
  };
1530
1750
  };
1531
1751
  responses: {
1532
- /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
1752
+ /** @description All currently connected roles */
1533
1753
  200: {
1534
1754
  content: {
1535
- "application/json": Record<string, never>;
1755
+ "application/json": {
1756
+ /**
1757
+ * @description The id of the role. This is used internally
1758
+ * @example role_123
1759
+ */
1760
+ id: string;
1761
+ /**
1762
+ * @description The name of the role
1763
+ * @example dns.record.create
1764
+ */
1765
+ name: string;
1766
+ }[];
1536
1767
  };
1537
1768
  };
1538
1769
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1579,31 +1810,37 @@ interface operations {
1579
1810
  };
1580
1811
  };
1581
1812
  };
1582
- deleteKeys: {
1813
+ removeRoles: {
1583
1814
  requestBody: {
1584
1815
  content: {
1585
1816
  "application/json": {
1817
+ /** @description The id of the key. */
1818
+ keyId: string;
1586
1819
  /**
1587
- * @description The id of the api, that the keys belong to.
1588
- * @example api_1234
1589
- */
1590
- apiId: string;
1591
- /**
1592
- * @description If true, the keys will be permanently deleted. If false, the keys will be soft-deleted and can be restored later.
1593
- * @default false
1820
+ * @description The roles you want to remove from this key.
1821
+ * @example [
1822
+ * {
1823
+ * "id": "role_123"
1824
+ * },
1825
+ * {
1826
+ * "name": "dns.record.create"
1827
+ * }
1828
+ * ]
1594
1829
  */
1595
- permanent?: boolean;
1830
+ roles: {
1831
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1832
+ id?: string;
1833
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1834
+ name?: string;
1835
+ }[];
1596
1836
  };
1597
1837
  };
1598
1838
  };
1599
1839
  responses: {
1600
- /** @description The keys have been deleted */
1840
+ /** @description Success */
1601
1841
  200: {
1602
1842
  content: {
1603
- "application/json": {
1604
- /** @description The number of keys that were deleted */
1605
- deletedKeys: number;
1606
- };
1843
+ "application/json": Record<string, never>;
1607
1844
  };
1608
1845
  };
1609
1846
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1650,107 +1887,130 @@ interface operations {
1650
1887
  };
1651
1888
  };
1652
1889
  };
1653
- limit: {
1890
+ setRoles: {
1654
1891
  requestBody: {
1655
1892
  content: {
1656
1893
  "application/json": {
1894
+ /** @description The id of the key. */
1895
+ keyId: string;
1657
1896
  /**
1658
- * @description Namespaces group different limits together for better analytics. You might have a namespace for your public API and one for internal tRPC routes.
1659
- * @default default
1660
- * @example email.outbound
1661
- */
1662
- namespace?: string;
1663
- /**
1664
- * @description Identifier of your user, this can be their userId, an email, an ip or anything else.
1665
- * @example user_123
1666
- */
1667
- identifier: string;
1668
- /**
1669
- * @description How many requests may pass in a given window.
1670
- * @example 10
1671
- */
1672
- limit: number;
1673
- /**
1674
- * @description The window duration in milliseconds
1675
- * @example 60000
1676
- */
1677
- duration: number;
1678
- /**
1679
- * @description Expensive requests may use up more tokens. You can specify a cost to the request here and we'll deduct this many tokens in the current window.
1680
- * If there are not enough tokens left, the request is denied.
1681
- *
1682
- * Set it to 0 to receive the current limit without changing anything.
1683
- * @default 1
1684
- * @example 2
1685
- */
1686
- cost?: number;
1687
- /**
1688
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
1689
- * @default false
1690
- */
1691
- async?: boolean;
1692
- /** @description Attach any metadata to this request */
1693
- meta?: {
1694
- [key: string]: unknown;
1695
- };
1696
- /**
1697
- * @description Resources that are about to be accessed by the user
1897
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1898
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1698
1899
  * @example [
1699
1900
  * {
1700
- * "type": "project",
1701
- * "id": "p_123",
1702
- * "name": "dub"
1901
+ * "id": "role_123"
1902
+ * },
1903
+ * {
1904
+ * "name": "dns.record.create"
1905
+ * },
1906
+ * {
1907
+ * "name": "dns.record.delete",
1908
+ * "create": true
1703
1909
  * }
1704
1910
  * ]
1705
1911
  */
1706
- resources?: {
1912
+ roles: {
1913
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1914
+ id?: string;
1915
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1916
+ name?: string;
1707
1917
  /**
1708
- * @description The type of resource
1709
- * @example organization
1918
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1919
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1710
1920
  */
1711
- type: string;
1921
+ create?: boolean;
1922
+ }[];
1923
+ };
1924
+ };
1925
+ };
1926
+ responses: {
1927
+ /** @description All currently connected roles */
1928
+ 200: {
1929
+ content: {
1930
+ "application/json": {
1712
1931
  /**
1713
- * @description The unique identifier for the resource
1714
- * @example org_123
1932
+ * @description The id of the role. This is used internally
1933
+ * @example role_123
1715
1934
  */
1716
1935
  id: string;
1717
1936
  /**
1718
- * @description A human readable name for this resource
1719
- * @example unkey
1937
+ * @description The name of the role
1938
+ * @example dns.record.create
1720
1939
  */
1721
- name?: string;
1722
- /** @description Attach any metadata to this resources */
1723
- meta?: {
1724
- [key: string]: unknown;
1725
- };
1940
+ name: string;
1726
1941
  }[];
1727
1942
  };
1728
1943
  };
1944
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
1945
+ 400: {
1946
+ content: {
1947
+ "application/json": components["schemas"]["ErrBadRequest"];
1948
+ };
1949
+ };
1950
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
1951
+ 401: {
1952
+ content: {
1953
+ "application/json": components["schemas"]["ErrUnauthorized"];
1954
+ };
1955
+ };
1956
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
1957
+ 403: {
1958
+ content: {
1959
+ "application/json": components["schemas"]["ErrForbidden"];
1960
+ };
1961
+ };
1962
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
1963
+ 404: {
1964
+ content: {
1965
+ "application/json": components["schemas"]["ErrNotFound"];
1966
+ };
1967
+ };
1968
+ /** @description This response is sent when a request conflicts with the current state of the server. */
1969
+ 409: {
1970
+ content: {
1971
+ "application/json": components["schemas"]["ErrConflict"];
1972
+ };
1973
+ };
1974
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
1975
+ 429: {
1976
+ content: {
1977
+ "application/json": components["schemas"]["ErrTooManyRequests"];
1978
+ };
1979
+ };
1980
+ /** @description The server has encountered a situation it does not know how to handle. */
1981
+ 500: {
1982
+ content: {
1983
+ "application/json": components["schemas"]["ErrInternalServerError"];
1984
+ };
1985
+ };
1986
+ };
1987
+ };
1988
+ getApi: {
1989
+ parameters: {
1990
+ query: {
1991
+ apiId: string;
1992
+ };
1729
1993
  };
1730
1994
  responses: {
1995
+ /** @description The configuration for an api */
1731
1996
  200: {
1732
1997
  content: {
1733
1998
  "application/json": {
1734
1999
  /**
1735
- * @description Returns true if the request should be processed, false if it was rejected.
1736
- * @example true
1737
- */
1738
- success: boolean;
1739
- /**
1740
- * @description How many requests are allowed within a window.
1741
- * @example 10
2000
+ * @description The id of the key
2001
+ * @example key_1234
1742
2002
  */
1743
- limit: number;
2003
+ id: string;
1744
2004
  /**
1745
- * @description How many requests can still be made in the current window.
1746
- * @example 9
2005
+ * @description The id of the workspace that owns the api
2006
+ * @example ws_1234
1747
2007
  */
1748
- remaining: number;
2008
+ workspaceId: string;
1749
2009
  /**
1750
- * @description A unix millisecond timestamp when the limits reset.
1751
- * @example 1709804263654
2010
+ * @description The name of the api. This is internal and your users will not see this.
2011
+ * @example Unkey - Production
1752
2012
  */
1753
- reset: number;
2013
+ name?: string;
1754
2014
  };
1755
2015
  };
1756
2016
  };
@@ -1798,171 +2058,1636 @@ interface operations {
1798
2058
  };
1799
2059
  };
1800
2060
  };
1801
- "v1.migrations.createKeys": {
2061
+ createApi: {
1802
2062
  requestBody: {
1803
2063
  content: {
1804
- "application/json": ({
2064
+ "application/json": {
2065
+ /**
2066
+ * @description The name for your API. This is not customer facing.
2067
+ * @example my-api
2068
+ */
2069
+ name: string;
2070
+ };
2071
+ };
2072
+ };
2073
+ responses: {
2074
+ /** @description The configuration for an api */
2075
+ 200: {
2076
+ content: {
2077
+ "application/json": {
1805
2078
  /**
1806
- * @description Choose an `API` where this key should be created.
1807
- * @example api_123
2079
+ * @description The id of the api
2080
+ * @example api_134
1808
2081
  */
1809
2082
  apiId: string;
2083
+ };
2084
+ };
2085
+ };
2086
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2087
+ 400: {
2088
+ content: {
2089
+ "application/json": components["schemas"]["ErrBadRequest"];
2090
+ };
2091
+ };
2092
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2093
+ 401: {
2094
+ content: {
2095
+ "application/json": components["schemas"]["ErrUnauthorized"];
2096
+ };
2097
+ };
2098
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2099
+ 403: {
2100
+ content: {
2101
+ "application/json": components["schemas"]["ErrForbidden"];
2102
+ };
2103
+ };
2104
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2105
+ 404: {
2106
+ content: {
2107
+ "application/json": components["schemas"]["ErrNotFound"];
2108
+ };
2109
+ };
2110
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2111
+ 409: {
2112
+ content: {
2113
+ "application/json": components["schemas"]["ErrConflict"];
2114
+ };
2115
+ };
2116
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2117
+ 429: {
2118
+ content: {
2119
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2120
+ };
2121
+ };
2122
+ /** @description The server has encountered a situation it does not know how to handle. */
2123
+ 500: {
2124
+ content: {
2125
+ "application/json": components["schemas"]["ErrInternalServerError"];
2126
+ };
2127
+ };
2128
+ };
2129
+ };
2130
+ listKeys: {
2131
+ parameters: {
2132
+ query: {
2133
+ apiId: string;
2134
+ limit?: number;
2135
+ cursor?: string;
2136
+ ownerId?: string;
2137
+ decrypt?: boolean | null;
2138
+ };
2139
+ };
2140
+ responses: {
2141
+ /** @description The configuration for an api */
2142
+ 200: {
2143
+ content: {
2144
+ "application/json": {
2145
+ keys: components["schemas"]["Key"][];
1810
2146
  /**
1811
- * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
1812
- *
1813
- * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
1814
- *
1815
- * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
1816
- */
1817
- prefix?: string;
1818
- /**
1819
- * @description The name for your Key. This is not customer facing.
1820
- * @example my key
1821
- */
1822
- name?: string;
1823
- /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
1824
- plaintext?: string;
1825
- /** @description Provide either `hash` or `plaintext` */
1826
- hash?: {
1827
- /** @description The hashed and encoded key */
1828
- value: string;
1829
- /**
1830
- * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
1831
- * @enum {string}
1832
- */
1833
- variant: "sha256_base64";
1834
- };
1835
- /**
1836
- * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
1837
- * @example unkey_32kq
1838
- */
1839
- start?: string;
1840
- /**
1841
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
1842
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
1843
- * @example team_123
1844
- */
1845
- ownerId?: string;
1846
- /**
1847
- * @description This is a place for dynamic meta data, anything that feels useful for you should go here
1848
- * @example {
1849
- * "billingTier": "PRO",
1850
- * "trialEnds": "2023-06-16T17:16:37.161Z"
1851
- * }
1852
- */
1853
- meta?: {
1854
- [key: string]: unknown;
1855
- };
1856
- /**
1857
- * @description A list of roles that this key should have. If the role does not exist, an error is thrown
1858
- * @example [
1859
- * "admin",
1860
- * "finance"
1861
- * ]
1862
- */
1863
- roles?: string[];
1864
- /**
1865
- * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
1866
- * @example [
1867
- * "domains.create_record",
1868
- * "say_hello"
1869
- * ]
1870
- */
1871
- permissions?: string[];
1872
- /**
1873
- * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
1874
- * @example 1623869797161
1875
- */
1876
- expires?: number;
1877
- /**
1878
- * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
1879
- * @example 1000
2147
+ * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
2148
+ * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1880
2149
  */
1881
- remaining?: number;
2150
+ cursor?: string;
2151
+ /** @description The total number of keys for this api */
2152
+ total: number;
2153
+ };
2154
+ };
2155
+ };
2156
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2157
+ 400: {
2158
+ content: {
2159
+ "application/json": components["schemas"]["ErrBadRequest"];
2160
+ };
2161
+ };
2162
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2163
+ 401: {
2164
+ content: {
2165
+ "application/json": components["schemas"]["ErrUnauthorized"];
2166
+ };
2167
+ };
2168
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2169
+ 403: {
2170
+ content: {
2171
+ "application/json": components["schemas"]["ErrForbidden"];
2172
+ };
2173
+ };
2174
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2175
+ 404: {
2176
+ content: {
2177
+ "application/json": components["schemas"]["ErrNotFound"];
2178
+ };
2179
+ };
2180
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2181
+ 409: {
2182
+ content: {
2183
+ "application/json": components["schemas"]["ErrConflict"];
2184
+ };
2185
+ };
2186
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2187
+ 429: {
2188
+ content: {
2189
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2190
+ };
2191
+ };
2192
+ /** @description The server has encountered a situation it does not know how to handle. */
2193
+ 500: {
2194
+ content: {
2195
+ "application/json": components["schemas"]["ErrInternalServerError"];
2196
+ };
2197
+ };
2198
+ };
2199
+ };
2200
+ deleteApi: {
2201
+ requestBody: {
2202
+ content: {
2203
+ "application/json": {
2204
+ /**
2205
+ * @description The id of the api to delete
2206
+ * @example api_1234
2207
+ */
2208
+ apiId: string;
2209
+ };
2210
+ };
2211
+ };
2212
+ responses: {
2213
+ /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
2214
+ 200: {
2215
+ content: {
2216
+ "application/json": Record<string, never>;
2217
+ };
2218
+ };
2219
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2220
+ 400: {
2221
+ content: {
2222
+ "application/json": components["schemas"]["ErrBadRequest"];
2223
+ };
2224
+ };
2225
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2226
+ 401: {
2227
+ content: {
2228
+ "application/json": components["schemas"]["ErrUnauthorized"];
2229
+ };
2230
+ };
2231
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2232
+ 403: {
2233
+ content: {
2234
+ "application/json": components["schemas"]["ErrForbidden"];
2235
+ };
2236
+ };
2237
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2238
+ 404: {
2239
+ content: {
2240
+ "application/json": components["schemas"]["ErrNotFound"];
2241
+ };
2242
+ };
2243
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2244
+ 409: {
2245
+ content: {
2246
+ "application/json": components["schemas"]["ErrConflict"];
2247
+ };
2248
+ };
2249
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2250
+ 429: {
2251
+ content: {
2252
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2253
+ };
2254
+ };
2255
+ /** @description The server has encountered a situation it does not know how to handle. */
2256
+ 500: {
2257
+ content: {
2258
+ "application/json": components["schemas"]["ErrInternalServerError"];
2259
+ };
2260
+ };
2261
+ };
2262
+ };
2263
+ deleteKeys: {
2264
+ requestBody: {
2265
+ content: {
2266
+ "application/json": {
2267
+ /**
2268
+ * @description The id of the api, that the keys belong to.
2269
+ * @example api_1234
2270
+ */
2271
+ apiId: string;
2272
+ /**
2273
+ * @description If true, the keys will be permanently deleted. If false, the keys will be soft-deleted and can be restored later.
2274
+ * @default false
2275
+ */
2276
+ permanent?: boolean;
2277
+ };
2278
+ };
2279
+ };
2280
+ responses: {
2281
+ /** @description The keys have been deleted */
2282
+ 200: {
2283
+ content: {
2284
+ "application/json": {
2285
+ /** @description The number of keys that were deleted */
2286
+ deletedKeys: number;
2287
+ };
2288
+ };
2289
+ };
2290
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2291
+ 400: {
2292
+ content: {
2293
+ "application/json": components["schemas"]["ErrBadRequest"];
2294
+ };
2295
+ };
2296
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2297
+ 401: {
2298
+ content: {
2299
+ "application/json": components["schemas"]["ErrUnauthorized"];
2300
+ };
2301
+ };
2302
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2303
+ 403: {
2304
+ content: {
2305
+ "application/json": components["schemas"]["ErrForbidden"];
2306
+ };
2307
+ };
2308
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2309
+ 404: {
2310
+ content: {
2311
+ "application/json": components["schemas"]["ErrNotFound"];
2312
+ };
2313
+ };
2314
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2315
+ 409: {
2316
+ content: {
2317
+ "application/json": components["schemas"]["ErrConflict"];
2318
+ };
2319
+ };
2320
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2321
+ 429: {
2322
+ content: {
2323
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2324
+ };
2325
+ };
2326
+ /** @description The server has encountered a situation it does not know how to handle. */
2327
+ 500: {
2328
+ content: {
2329
+ "application/json": components["schemas"]["ErrInternalServerError"];
2330
+ };
2331
+ };
2332
+ };
2333
+ };
2334
+ limit: {
2335
+ requestBody: {
2336
+ content: {
2337
+ "application/json": {
2338
+ /**
2339
+ * @description Namespaces group different limits together for better analytics. You might have a namespace for your public API and one for internal tRPC routes.
2340
+ * @default default
2341
+ * @example email.outbound
2342
+ */
2343
+ namespace?: string;
2344
+ /**
2345
+ * @description Identifier of your user, this can be their userId, an email, an ip or anything else.
2346
+ * @example user_123
2347
+ */
2348
+ identifier: string;
2349
+ /**
2350
+ * @description How many requests may pass in a given window.
2351
+ * @example 10
2352
+ */
2353
+ limit: number;
2354
+ /**
2355
+ * @description The window duration in milliseconds
2356
+ * @example 60000
2357
+ */
2358
+ duration: number;
2359
+ /**
2360
+ * @description Expensive requests may use up more tokens. You can specify a cost to the request here and we'll deduct this many tokens in the current window.
2361
+ * If there are not enough tokens left, the request is denied.
2362
+ *
2363
+ * Set it to 0 to receive the current limit without changing anything.
2364
+ * @default 1
2365
+ * @example 2
2366
+ */
2367
+ cost?: number;
2368
+ /**
2369
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2370
+ * @default false
2371
+ */
2372
+ async?: boolean;
2373
+ /** @description Attach any metadata to this request */
2374
+ meta?: {
2375
+ [key: string]: unknown;
2376
+ };
2377
+ /**
2378
+ * @description Resources that are about to be accessed by the user
2379
+ * @example [
2380
+ * {
2381
+ * "type": "project",
2382
+ * "id": "p_123",
2383
+ * "name": "dub"
2384
+ * }
2385
+ * ]
2386
+ */
2387
+ resources?: {
2388
+ /**
2389
+ * @description The type of resource
2390
+ * @example organization
2391
+ */
2392
+ type: string;
2393
+ /**
2394
+ * @description The unique identifier for the resource
2395
+ * @example org_123
2396
+ */
2397
+ id: string;
2398
+ /**
2399
+ * @description A human readable name for this resource
2400
+ * @example unkey
2401
+ */
2402
+ name?: string;
2403
+ /** @description Attach any metadata to this resources */
2404
+ meta?: {
2405
+ [key: string]: unknown;
2406
+ };
2407
+ }[];
2408
+ };
2409
+ };
2410
+ };
2411
+ responses: {
2412
+ 200: {
2413
+ content: {
2414
+ "application/json": {
2415
+ /**
2416
+ * @description Returns true if the request should be processed, false if it was rejected.
2417
+ * @example true
2418
+ */
2419
+ success: boolean;
2420
+ /**
2421
+ * @description How many requests are allowed within a window.
2422
+ * @example 10
2423
+ */
2424
+ limit: number;
2425
+ /**
2426
+ * @description How many requests can still be made in the current window.
2427
+ * @example 9
2428
+ */
2429
+ remaining: number;
2430
+ /**
2431
+ * @description A unix millisecond timestamp when the limits reset.
2432
+ * @example 1709804263654
2433
+ */
2434
+ reset: number;
2435
+ };
2436
+ };
2437
+ };
2438
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2439
+ 400: {
2440
+ content: {
2441
+ "application/json": components["schemas"]["ErrBadRequest"];
2442
+ };
2443
+ };
2444
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2445
+ 401: {
2446
+ content: {
2447
+ "application/json": components["schemas"]["ErrUnauthorized"];
2448
+ };
2449
+ };
2450
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2451
+ 403: {
2452
+ content: {
2453
+ "application/json": components["schemas"]["ErrForbidden"];
2454
+ };
2455
+ };
2456
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2457
+ 404: {
2458
+ content: {
2459
+ "application/json": components["schemas"]["ErrNotFound"];
2460
+ };
2461
+ };
2462
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2463
+ 409: {
2464
+ content: {
2465
+ "application/json": components["schemas"]["ErrConflict"];
2466
+ };
2467
+ };
2468
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2469
+ 429: {
2470
+ content: {
2471
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2472
+ };
2473
+ };
2474
+ /** @description The server has encountered a situation it does not know how to handle. */
2475
+ 500: {
2476
+ content: {
2477
+ "application/json": components["schemas"]["ErrInternalServerError"];
2478
+ };
2479
+ };
2480
+ };
2481
+ };
2482
+ "v1.migrations.createKeys": {
2483
+ requestBody: {
2484
+ content: {
2485
+ "application/json": ({
2486
+ /**
2487
+ * @description Choose an `API` where this key should be created.
2488
+ * @example api_123
2489
+ */
2490
+ apiId: string;
2491
+ /**
2492
+ * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2493
+ *
2494
+ * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2495
+ *
2496
+ * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2497
+ */
2498
+ prefix?: string;
2499
+ /**
2500
+ * @description The name for your Key. This is not customer facing.
2501
+ * @example my key
2502
+ */
2503
+ name?: string;
2504
+ /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2505
+ plaintext?: string;
2506
+ /** @description Provide either `hash` or `plaintext` */
2507
+ hash?: {
2508
+ /** @description The hashed and encoded key */
2509
+ value: string;
2510
+ /**
2511
+ * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2512
+ * @enum {string}
2513
+ */
2514
+ variant: "sha256_base64";
2515
+ };
2516
+ /**
2517
+ * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2518
+ * @example unkey_32kq
2519
+ */
2520
+ start?: string;
2521
+ /**
2522
+ * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2523
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2524
+ * @example team_123
2525
+ */
2526
+ ownerId?: string;
2527
+ /**
2528
+ * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2529
+ * @example {
2530
+ * "billingTier": "PRO",
2531
+ * "trialEnds": "2023-06-16T17:16:37.161Z"
2532
+ * }
2533
+ */
2534
+ meta?: {
2535
+ [key: string]: unknown;
2536
+ };
2537
+ /**
2538
+ * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2539
+ * @example [
2540
+ * "admin",
2541
+ * "finance"
2542
+ * ]
2543
+ */
2544
+ roles?: string[];
2545
+ /**
2546
+ * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2547
+ * @example [
2548
+ * "domains.create_record",
2549
+ * "say_hello"
2550
+ * ]
2551
+ */
2552
+ permissions?: string[];
2553
+ /**
2554
+ * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2555
+ * @example 1623869797161
2556
+ */
2557
+ expires?: number;
2558
+ /**
2559
+ * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
2560
+ * @example 1000
2561
+ */
2562
+ remaining?: number;
2563
+ /**
2564
+ * @description Unkey enables you to refill verifications for each key at regular intervals.
2565
+ * @example {
2566
+ * "interval": "daily",
2567
+ * "amount": 100
2568
+ * }
2569
+ */
2570
+ refill?: {
2571
+ /**
2572
+ * @description Unkey will automatically refill verifications at the set interval.
2573
+ * @enum {string}
2574
+ */
2575
+ interval: "daily" | "monthly";
2576
+ /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2577
+ amount: number;
2578
+ };
2579
+ /**
2580
+ * @description Unkey comes with per-key ratelimiting out of the box.
2581
+ * @example {
2582
+ * "type": "fast",
2583
+ * "limit": 10,
2584
+ * "refillRate": 1,
2585
+ * "refillInterval": 60
2586
+ * }
2587
+ */
2588
+ ratelimit?: {
2589
+ /**
2590
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2591
+ * @default false
2592
+ */
2593
+ async?: boolean;
2594
+ /**
2595
+ * @deprecated
2596
+ * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2597
+ * @default fast
2598
+ * @enum {string}
2599
+ */
2600
+ type?: "fast" | "consistent";
2601
+ /** @description The total amount of burstable requests. */
2602
+ limit: number;
2603
+ /**
2604
+ * @deprecated
2605
+ * @description How many tokens to refill during each refillInterval.
2606
+ */
2607
+ refillRate: number;
2608
+ /**
2609
+ * @deprecated
2610
+ * @description Determines the speed at which tokens are refilled, in milliseconds.
2611
+ */
2612
+ refillInterval: number;
2613
+ };
2614
+ /**
2615
+ * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2616
+ * @default true
2617
+ * @example false
2618
+ */
2619
+ enabled?: boolean;
2620
+ /**
2621
+ * @description Environments allow you to divide your keyspace.
2622
+ *
2623
+ * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2624
+ * give the developer a way to develop their own application without the risk of modifying real world
2625
+ * resources.
2626
+ *
2627
+ * When you set an environment, we will return it back to you when validating the key, so you can
2628
+ * handle it correctly.
2629
+ */
2630
+ environment?: string;
2631
+ })[];
2632
+ };
2633
+ };
2634
+ responses: {
2635
+ /** @description The key ids of all created keys */
2636
+ 200: {
2637
+ content: {
2638
+ "application/json": {
2639
+ /**
2640
+ * @description The ids of the keys. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.
2641
+ * @example [
2642
+ * "key_123",
2643
+ * "key_456"
2644
+ * ]
2645
+ */
2646
+ keyIds: string[];
2647
+ };
2648
+ };
2649
+ };
2650
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2651
+ 400: {
2652
+ content: {
2653
+ "application/json": components["schemas"]["ErrBadRequest"];
2654
+ };
2655
+ };
2656
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2657
+ 401: {
2658
+ content: {
2659
+ "application/json": components["schemas"]["ErrUnauthorized"];
2660
+ };
2661
+ };
2662
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2663
+ 403: {
2664
+ content: {
2665
+ "application/json": components["schemas"]["ErrForbidden"];
2666
+ };
2667
+ };
2668
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2669
+ 404: {
2670
+ content: {
2671
+ "application/json": components["schemas"]["ErrNotFound"];
2672
+ };
2673
+ };
2674
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2675
+ 409: {
2676
+ content: {
2677
+ "application/json": components["schemas"]["ErrConflict"];
2678
+ };
2679
+ };
2680
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2681
+ 429: {
2682
+ content: {
2683
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2684
+ };
2685
+ };
2686
+ /** @description The server has encountered a situation it does not know how to handle. */
2687
+ 500: {
2688
+ content: {
2689
+ "application/json": components["schemas"]["ErrInternalServerError"];
2690
+ };
2691
+ };
2692
+ };
2693
+ };
2694
+ "v1.migrations.enqueueKeys": {
2695
+ requestBody: {
2696
+ content: {
2697
+ "application/json": {
2698
+ /** @description Contact support@unkey.dev to receive your migration id. */
2699
+ migrationId: string;
2700
+ /** @description The id of the api, you want to migrate keys to */
2701
+ apiId: string;
2702
+ keys: ({
2703
+ /**
2704
+ * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2705
+ *
2706
+ * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2707
+ *
2708
+ * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2709
+ */
2710
+ prefix?: string;
2711
+ /**
2712
+ * @description The name for your Key. This is not customer facing.
2713
+ * @example my key
2714
+ */
2715
+ name?: string;
2716
+ /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2717
+ plaintext?: string;
2718
+ /** @description Provide either `hash` or `plaintext` */
2719
+ hash?: {
2720
+ /** @description The hashed and encoded key */
2721
+ value: string;
2722
+ /**
2723
+ * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2724
+ * @enum {string}
2725
+ */
2726
+ variant: "sha256_base64";
2727
+ };
2728
+ /**
2729
+ * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2730
+ * @example unkey_32kq
2731
+ */
2732
+ start?: string;
2733
+ /**
2734
+ * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2735
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2736
+ * @example team_123
2737
+ */
2738
+ ownerId?: string;
2739
+ /**
2740
+ * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2741
+ * @example {
2742
+ * "billingTier": "PRO",
2743
+ * "trialEnds": "2023-06-16T17:16:37.161Z"
2744
+ * }
2745
+ */
2746
+ meta?: {
2747
+ [key: string]: unknown;
2748
+ };
2749
+ /**
2750
+ * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2751
+ * @example [
2752
+ * "admin",
2753
+ * "finance"
2754
+ * ]
2755
+ */
2756
+ roles?: string[];
2757
+ /**
2758
+ * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2759
+ * @example [
2760
+ * "domains.create_record",
2761
+ * "say_hello"
2762
+ * ]
2763
+ */
2764
+ permissions?: string[];
2765
+ /**
2766
+ * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2767
+ * @example 1623869797161
2768
+ */
2769
+ expires?: number;
2770
+ /**
2771
+ * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
2772
+ * @example 1000
2773
+ */
2774
+ remaining?: number;
2775
+ /**
2776
+ * @description Unkey enables you to refill verifications for each key at regular intervals.
2777
+ * @example {
2778
+ * "interval": "daily",
2779
+ * "amount": 100
2780
+ * }
2781
+ */
2782
+ refill?: {
2783
+ /**
2784
+ * @description Unkey will automatically refill verifications at the set interval.
2785
+ * @enum {string}
2786
+ */
2787
+ interval: "daily" | "monthly";
2788
+ /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2789
+ amount: number;
2790
+ };
2791
+ /**
2792
+ * @description Unkey comes with per-key fixed-window ratelimiting out of the box.
2793
+ * @example {
2794
+ * "type": "fast",
2795
+ * "limit": 10,
2796
+ * "duration": 60000
2797
+ * }
2798
+ */
2799
+ ratelimit?: {
2800
+ /**
2801
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2802
+ * @default true
2803
+ */
2804
+ async?: boolean;
2805
+ /**
2806
+ * @deprecated
2807
+ * @description Deprecated, use `async`. Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2808
+ * @default fast
2809
+ * @enum {string}
2810
+ */
2811
+ type?: "fast" | "consistent";
2812
+ /** @description The total amount of requests in a given interval. */
2813
+ limit: number;
2814
+ /**
2815
+ * @description The window duration in milliseconds
2816
+ * @example 60000
2817
+ */
2818
+ duration: number;
2819
+ /**
2820
+ * @deprecated
2821
+ * @description How many tokens to refill during each refillInterval.
2822
+ */
2823
+ refillRate?: number;
2824
+ /**
2825
+ * @deprecated
2826
+ * @description The refill timeframe, in milliseconds.
2827
+ */
2828
+ refillInterval?: number;
2829
+ };
2830
+ /**
2831
+ * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2832
+ * @default true
2833
+ * @example false
2834
+ */
2835
+ enabled?: boolean;
2836
+ /**
2837
+ * @description Environments allow you to divide your keyspace.
2838
+ *
2839
+ * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2840
+ * give the developer a way to develop their own application without the risk of modifying real world
2841
+ * resources.
2842
+ *
2843
+ * When you set an environment, we will return it back to you when validating the key, so you can
2844
+ * handle it correctly.
2845
+ */
2846
+ environment?: string;
2847
+ })[];
2848
+ };
2849
+ };
2850
+ };
2851
+ responses: {
2852
+ /** @description The key ids of all created keys */
2853
+ 202: {
2854
+ content: {
2855
+ "application/json": Record<string, never>;
2856
+ };
2857
+ };
2858
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2859
+ 400: {
2860
+ content: {
2861
+ "application/json": components["schemas"]["ErrBadRequest"];
2862
+ };
2863
+ };
2864
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2865
+ 401: {
2866
+ content: {
2867
+ "application/json": components["schemas"]["ErrUnauthorized"];
2868
+ };
2869
+ };
2870
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2871
+ 403: {
2872
+ content: {
2873
+ "application/json": components["schemas"]["ErrForbidden"];
2874
+ };
2875
+ };
2876
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2877
+ 404: {
2878
+ content: {
2879
+ "application/json": components["schemas"]["ErrNotFound"];
2880
+ };
2881
+ };
2882
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2883
+ 409: {
2884
+ content: {
2885
+ "application/json": components["schemas"]["ErrConflict"];
2886
+ };
2887
+ };
2888
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2889
+ 429: {
2890
+ content: {
2891
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2892
+ };
2893
+ };
2894
+ /** @description The server has encountered a situation it does not know how to handle. */
2895
+ 500: {
2896
+ content: {
2897
+ "application/json": components["schemas"]["ErrInternalServerError"];
2898
+ };
2899
+ };
2900
+ };
2901
+ };
2902
+ createPermission: {
2903
+ requestBody: {
2904
+ content: {
2905
+ "application/json": {
2906
+ /**
2907
+ * @description The unique name of your permission.
2908
+ * @example record.write
2909
+ */
2910
+ name: string;
2911
+ /**
2912
+ * @description Explain what this permission does. This is just for your team, your users will not see this.
2913
+ * @example record.write can create new dns records for our domains.
2914
+ */
2915
+ description?: string;
2916
+ };
2917
+ };
2918
+ };
2919
+ responses: {
2920
+ /** @description Sucessfully created a permission */
2921
+ 200: {
2922
+ content: {
2923
+ "application/json": {
2924
+ /**
2925
+ * @description The id of the permission. This is used internally
2926
+ * @example perm_123
2927
+ */
2928
+ permissionId: string;
2929
+ };
2930
+ };
2931
+ };
2932
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2933
+ 400: {
2934
+ content: {
2935
+ "application/json": components["schemas"]["ErrBadRequest"];
2936
+ };
2937
+ };
2938
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2939
+ 401: {
2940
+ content: {
2941
+ "application/json": components["schemas"]["ErrUnauthorized"];
2942
+ };
2943
+ };
2944
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2945
+ 403: {
2946
+ content: {
2947
+ "application/json": components["schemas"]["ErrForbidden"];
2948
+ };
2949
+ };
2950
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2951
+ 404: {
2952
+ content: {
2953
+ "application/json": components["schemas"]["ErrNotFound"];
2954
+ };
2955
+ };
2956
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2957
+ 409: {
2958
+ content: {
2959
+ "application/json": components["schemas"]["ErrConflict"];
2960
+ };
2961
+ };
2962
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2963
+ 429: {
2964
+ content: {
2965
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2966
+ };
2967
+ };
2968
+ /** @description The server has encountered a situation it does not know how to handle. */
2969
+ 500: {
2970
+ content: {
2971
+ "application/json": components["schemas"]["ErrInternalServerError"];
2972
+ };
2973
+ };
2974
+ };
2975
+ };
2976
+ deletePermission: {
2977
+ requestBody: {
2978
+ content: {
2979
+ "application/json": {
2980
+ /**
2981
+ * @description The id of the permission you want to delete.
2982
+ * @example perm_123
2983
+ */
2984
+ permissionId: string;
2985
+ };
2986
+ };
2987
+ };
2988
+ responses: {
2989
+ /** @description Sucessfully deleted a permission */
2990
+ 200: {
2991
+ content: {
2992
+ "application/json": Record<string, never>;
2993
+ };
2994
+ };
2995
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2996
+ 400: {
2997
+ content: {
2998
+ "application/json": components["schemas"]["ErrBadRequest"];
2999
+ };
3000
+ };
3001
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3002
+ 401: {
3003
+ content: {
3004
+ "application/json": components["schemas"]["ErrUnauthorized"];
3005
+ };
3006
+ };
3007
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3008
+ 403: {
3009
+ content: {
3010
+ "application/json": components["schemas"]["ErrForbidden"];
3011
+ };
3012
+ };
3013
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3014
+ 404: {
3015
+ content: {
3016
+ "application/json": components["schemas"]["ErrNotFound"];
3017
+ };
3018
+ };
3019
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3020
+ 409: {
3021
+ content: {
3022
+ "application/json": components["schemas"]["ErrConflict"];
3023
+ };
3024
+ };
3025
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3026
+ 429: {
3027
+ content: {
3028
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3029
+ };
3030
+ };
3031
+ /** @description The server has encountered a situation it does not know how to handle. */
3032
+ 500: {
3033
+ content: {
3034
+ "application/json": components["schemas"]["ErrInternalServerError"];
3035
+ };
3036
+ };
3037
+ };
3038
+ };
3039
+ getPermission: {
3040
+ parameters: {
3041
+ query: {
3042
+ permissionId: string;
3043
+ };
3044
+ };
3045
+ responses: {
3046
+ /** @description The Role */
3047
+ 200: {
3048
+ content: {
3049
+ "application/json": {
3050
+ /**
3051
+ * @description The id of the permission
3052
+ * @example perm_123
3053
+ */
3054
+ id: string;
3055
+ /**
3056
+ * @description The name of the permission.
3057
+ * @example domain.record.manager
3058
+ */
3059
+ name: string;
3060
+ /**
3061
+ * @description The description of what this permission does. This is just for your team, your users will not see this.
3062
+ * @example Can manage dns records
3063
+ */
3064
+ description?: string;
3065
+ };
3066
+ };
3067
+ };
3068
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3069
+ 400: {
3070
+ content: {
3071
+ "application/json": components["schemas"]["ErrBadRequest"];
3072
+ };
3073
+ };
3074
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3075
+ 401: {
3076
+ content: {
3077
+ "application/json": components["schemas"]["ErrUnauthorized"];
3078
+ };
3079
+ };
3080
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3081
+ 403: {
3082
+ content: {
3083
+ "application/json": components["schemas"]["ErrForbidden"];
3084
+ };
3085
+ };
3086
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3087
+ 404: {
3088
+ content: {
3089
+ "application/json": components["schemas"]["ErrNotFound"];
3090
+ };
3091
+ };
3092
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3093
+ 409: {
3094
+ content: {
3095
+ "application/json": components["schemas"]["ErrConflict"];
3096
+ };
3097
+ };
3098
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3099
+ 429: {
3100
+ content: {
3101
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3102
+ };
3103
+ };
3104
+ /** @description The server has encountered a situation it does not know how to handle. */
3105
+ 500: {
3106
+ content: {
3107
+ "application/json": components["schemas"]["ErrInternalServerError"];
3108
+ };
3109
+ };
3110
+ };
3111
+ };
3112
+ listPermissions: {
3113
+ responses: {
3114
+ /** @description The permissions in your workspace */
3115
+ 200: {
3116
+ content: {
3117
+ "application/json": {
3118
+ /**
3119
+ * @description The id of the permission
3120
+ * @example perm_123
3121
+ */
3122
+ id: string;
3123
+ /**
3124
+ * @description The name of the permission.
3125
+ * @example domain.record.manager
3126
+ */
3127
+ name: string;
3128
+ /**
3129
+ * @description The description of what this permission does. This is just for your team, your users will not see this.
3130
+ * @example Can manage dns records
3131
+ */
3132
+ description?: string;
3133
+ }[];
3134
+ };
3135
+ };
3136
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3137
+ 400: {
3138
+ content: {
3139
+ "application/json": components["schemas"]["ErrBadRequest"];
3140
+ };
3141
+ };
3142
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3143
+ 401: {
3144
+ content: {
3145
+ "application/json": components["schemas"]["ErrUnauthorized"];
3146
+ };
3147
+ };
3148
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3149
+ 403: {
3150
+ content: {
3151
+ "application/json": components["schemas"]["ErrForbidden"];
3152
+ };
3153
+ };
3154
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3155
+ 404: {
3156
+ content: {
3157
+ "application/json": components["schemas"]["ErrNotFound"];
3158
+ };
3159
+ };
3160
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3161
+ 409: {
3162
+ content: {
3163
+ "application/json": components["schemas"]["ErrConflict"];
3164
+ };
3165
+ };
3166
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3167
+ 429: {
3168
+ content: {
3169
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3170
+ };
3171
+ };
3172
+ /** @description The server has encountered a situation it does not know how to handle. */
3173
+ 500: {
3174
+ content: {
3175
+ "application/json": components["schemas"]["ErrInternalServerError"];
3176
+ };
3177
+ };
3178
+ };
3179
+ };
3180
+ createRole: {
3181
+ requestBody: {
3182
+ content: {
3183
+ "application/json": {
3184
+ /**
3185
+ * @description The unique name of your role.
3186
+ * @example dns.records.manager
3187
+ */
3188
+ name: string;
3189
+ /**
3190
+ * @description Explain what this role does. This is just for your team, your users will not see this.
3191
+ * @example dns.records.manager can read and write dns records for our domains.
3192
+ */
3193
+ description?: string;
3194
+ };
3195
+ };
3196
+ };
3197
+ responses: {
3198
+ /** @description Sucessfully created a role */
3199
+ 200: {
3200
+ content: {
3201
+ "application/json": {
1882
3202
  /**
1883
- * @description Unkey enables you to refill verifications for each key at regular intervals.
1884
- * @example {
1885
- * "interval": "daily",
1886
- * "amount": 100
1887
- * }
3203
+ * @description The id of the role. This is used internally
3204
+ * @example role_123
1888
3205
  */
1889
- refill?: {
3206
+ roleId: string;
3207
+ };
3208
+ };
3209
+ };
3210
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3211
+ 400: {
3212
+ content: {
3213
+ "application/json": components["schemas"]["ErrBadRequest"];
3214
+ };
3215
+ };
3216
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3217
+ 401: {
3218
+ content: {
3219
+ "application/json": components["schemas"]["ErrUnauthorized"];
3220
+ };
3221
+ };
3222
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3223
+ 403: {
3224
+ content: {
3225
+ "application/json": components["schemas"]["ErrForbidden"];
3226
+ };
3227
+ };
3228
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3229
+ 404: {
3230
+ content: {
3231
+ "application/json": components["schemas"]["ErrNotFound"];
3232
+ };
3233
+ };
3234
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3235
+ 409: {
3236
+ content: {
3237
+ "application/json": components["schemas"]["ErrConflict"];
3238
+ };
3239
+ };
3240
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3241
+ 429: {
3242
+ content: {
3243
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3244
+ };
3245
+ };
3246
+ /** @description The server has encountered a situation it does not know how to handle. */
3247
+ 500: {
3248
+ content: {
3249
+ "application/json": components["schemas"]["ErrInternalServerError"];
3250
+ };
3251
+ };
3252
+ };
3253
+ };
3254
+ deleteRole: {
3255
+ requestBody: {
3256
+ content: {
3257
+ "application/json": {
3258
+ /**
3259
+ * @description The id of the role you want to delete.
3260
+ * @example role_123
3261
+ */
3262
+ roleId: string;
3263
+ };
3264
+ };
3265
+ };
3266
+ responses: {
3267
+ /** @description Sucessfully deleted a role */
3268
+ 200: {
3269
+ content: {
3270
+ "application/json": Record<string, never>;
3271
+ };
3272
+ };
3273
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3274
+ 400: {
3275
+ content: {
3276
+ "application/json": components["schemas"]["ErrBadRequest"];
3277
+ };
3278
+ };
3279
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3280
+ 401: {
3281
+ content: {
3282
+ "application/json": components["schemas"]["ErrUnauthorized"];
3283
+ };
3284
+ };
3285
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3286
+ 403: {
3287
+ content: {
3288
+ "application/json": components["schemas"]["ErrForbidden"];
3289
+ };
3290
+ };
3291
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3292
+ 404: {
3293
+ content: {
3294
+ "application/json": components["schemas"]["ErrNotFound"];
3295
+ };
3296
+ };
3297
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3298
+ 409: {
3299
+ content: {
3300
+ "application/json": components["schemas"]["ErrConflict"];
3301
+ };
3302
+ };
3303
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3304
+ 429: {
3305
+ content: {
3306
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3307
+ };
3308
+ };
3309
+ /** @description The server has encountered a situation it does not know how to handle. */
3310
+ 500: {
3311
+ content: {
3312
+ "application/json": components["schemas"]["ErrInternalServerError"];
3313
+ };
3314
+ };
3315
+ };
3316
+ };
3317
+ getRole: {
3318
+ parameters: {
3319
+ query: {
3320
+ roleId: string;
3321
+ };
3322
+ };
3323
+ responses: {
3324
+ /** @description The Role */
3325
+ 200: {
3326
+ content: {
3327
+ "application/json": {
3328
+ /**
3329
+ * @description The id of the role
3330
+ * @example role_1234
3331
+ */
3332
+ id: string;
3333
+ /**
3334
+ * @description The name of the role.
3335
+ * @example domain.record.manager
3336
+ */
3337
+ name: string;
3338
+ /**
3339
+ * @description The description of what this role does. This is just for your team, your users will not see this.
3340
+ * @example Can manage dns records
3341
+ */
3342
+ description?: string;
3343
+ };
3344
+ };
3345
+ };
3346
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3347
+ 400: {
3348
+ content: {
3349
+ "application/json": components["schemas"]["ErrBadRequest"];
3350
+ };
3351
+ };
3352
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3353
+ 401: {
3354
+ content: {
3355
+ "application/json": components["schemas"]["ErrUnauthorized"];
3356
+ };
3357
+ };
3358
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3359
+ 403: {
3360
+ content: {
3361
+ "application/json": components["schemas"]["ErrForbidden"];
3362
+ };
3363
+ };
3364
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3365
+ 404: {
3366
+ content: {
3367
+ "application/json": components["schemas"]["ErrNotFound"];
3368
+ };
3369
+ };
3370
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3371
+ 409: {
3372
+ content: {
3373
+ "application/json": components["schemas"]["ErrConflict"];
3374
+ };
3375
+ };
3376
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3377
+ 429: {
3378
+ content: {
3379
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3380
+ };
3381
+ };
3382
+ /** @description The server has encountered a situation it does not know how to handle. */
3383
+ 500: {
3384
+ content: {
3385
+ "application/json": components["schemas"]["ErrInternalServerError"];
3386
+ };
3387
+ };
3388
+ };
3389
+ };
3390
+ listRoles: {
3391
+ responses: {
3392
+ /** @description The Roles in your workspace */
3393
+ 200: {
3394
+ content: {
3395
+ "application/json": {
1890
3396
  /**
1891
- * @description Unkey will automatically refill verifications at the set interval.
1892
- * @enum {string}
3397
+ * @description The id of the role
3398
+ * @example role_1234
1893
3399
  */
1894
- interval: "daily" | "monthly";
1895
- /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
1896
- amount: number;
1897
- };
1898
- /**
1899
- * @description Unkey comes with per-key ratelimiting out of the box.
1900
- * @example {
1901
- * "type": "fast",
1902
- * "limit": 10,
1903
- * "refillRate": 1,
1904
- * "refillInterval": 60
1905
- * }
1906
- */
1907
- ratelimit?: {
3400
+ id: string;
1908
3401
  /**
1909
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
1910
- * @default false
3402
+ * @description The name of the role.
3403
+ * @example domain.record.manager
1911
3404
  */
1912
- async?: boolean;
3405
+ name: string;
1913
3406
  /**
1914
- * @deprecated
1915
- * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
1916
- * @default fast
1917
- * @enum {string}
3407
+ * @description The description of what this role does. This is just for your team, your users will not see this.
3408
+ * @example Can manage dns records
1918
3409
  */
1919
- type?: "fast" | "consistent";
1920
- /** @description The total amount of burstable requests. */
1921
- limit: number;
3410
+ description?: string;
3411
+ }[];
3412
+ };
3413
+ };
3414
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3415
+ 400: {
3416
+ content: {
3417
+ "application/json": components["schemas"]["ErrBadRequest"];
3418
+ };
3419
+ };
3420
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3421
+ 401: {
3422
+ content: {
3423
+ "application/json": components["schemas"]["ErrUnauthorized"];
3424
+ };
3425
+ };
3426
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3427
+ 403: {
3428
+ content: {
3429
+ "application/json": components["schemas"]["ErrForbidden"];
3430
+ };
3431
+ };
3432
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3433
+ 404: {
3434
+ content: {
3435
+ "application/json": components["schemas"]["ErrNotFound"];
3436
+ };
3437
+ };
3438
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3439
+ 409: {
3440
+ content: {
3441
+ "application/json": components["schemas"]["ErrConflict"];
3442
+ };
3443
+ };
3444
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3445
+ 429: {
3446
+ content: {
3447
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3448
+ };
3449
+ };
3450
+ /** @description The server has encountered a situation it does not know how to handle. */
3451
+ 500: {
3452
+ content: {
3453
+ "application/json": components["schemas"]["ErrInternalServerError"];
3454
+ };
3455
+ };
3456
+ };
3457
+ };
3458
+ createIdentity: {
3459
+ requestBody: {
3460
+ content: {
3461
+ "application/json": {
3462
+ /**
3463
+ * @description The id of this identity in your system.
3464
+ *
3465
+ * This usually comes from your authentication provider and could be a userId, organisationId or even an email.
3466
+ * It does not matter what you use, as long as it uniquely identifies something in your application.
3467
+ *
3468
+ * @example user_123
3469
+ */
3470
+ externalId: string;
3471
+ /**
3472
+ * @description Attach metadata to this identity that you need to have access to when verifying a key.
3473
+ *
3474
+ * This will be returned as part of the `verifyKey` response.
3475
+ */
3476
+ meta?: {
3477
+ [key: string]: unknown;
3478
+ };
3479
+ /**
3480
+ * @description Attach ratelimits to this identity.
3481
+ *
3482
+ * When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits.
3483
+ */
3484
+ ratelimits?: {
1922
3485
  /**
1923
- * @deprecated
1924
- * @description How many tokens to refill during each refillInterval.
3486
+ * @description The name of this limit. You will need to use this again when verifying a key.
3487
+ * @example tokens
1925
3488
  */
1926
- refillRate: number;
3489
+ name: string;
1927
3490
  /**
1928
- * @deprecated
1929
- * @description Determines the speed at which tokens are refilled, in milliseconds.
3491
+ * @description How many requests may pass within a given window before requests are rejected.
3492
+ * @example 10
1930
3493
  */
1931
- refillInterval: number;
1932
- };
1933
- /**
1934
- * @description Sets if key is enabled or disabled. Disabled keys are not valid.
1935
- * @default true
1936
- * @example false
1937
- */
1938
- enabled?: boolean;
3494
+ limit: number;
3495
+ /**
3496
+ * @description The duration for each ratelimit window in milliseconds.
3497
+ * @example 1000
3498
+ */
3499
+ duration: number;
3500
+ }[];
3501
+ };
3502
+ };
3503
+ };
3504
+ responses: {
3505
+ /** @description The configuration for an api */
3506
+ 200: {
3507
+ content: {
3508
+ "application/json": {
1939
3509
  /**
1940
- * @description Environments allow you to divide your keyspace.
1941
- *
1942
- * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
1943
- * give the developer a way to develop their own application without the risk of modifying real world
1944
- * resources.
1945
- *
1946
- * When you set an environment, we will return it back to you when validating the key, so you can
1947
- * handle it correctly.
3510
+ * @description The id of the identity. Used internally, you do not need to store this.
3511
+ * @example id_123
1948
3512
  */
1949
- environment?: string;
1950
- })[];
3513
+ identityId: string;
3514
+ };
3515
+ };
3516
+ };
3517
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3518
+ 400: {
3519
+ content: {
3520
+ "application/json": components["schemas"]["ErrBadRequest"];
3521
+ };
3522
+ };
3523
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3524
+ 401: {
3525
+ content: {
3526
+ "application/json": components["schemas"]["ErrUnauthorized"];
3527
+ };
3528
+ };
3529
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3530
+ 403: {
3531
+ content: {
3532
+ "application/json": components["schemas"]["ErrForbidden"];
3533
+ };
3534
+ };
3535
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3536
+ 404: {
3537
+ content: {
3538
+ "application/json": components["schemas"]["ErrNotFound"];
3539
+ };
3540
+ };
3541
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3542
+ 409: {
3543
+ content: {
3544
+ "application/json": components["schemas"]["ErrConflict"];
3545
+ };
3546
+ };
3547
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3548
+ 429: {
3549
+ content: {
3550
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3551
+ };
3552
+ };
3553
+ /** @description The server has encountered a situation it does not know how to handle. */
3554
+ 500: {
3555
+ content: {
3556
+ "application/json": components["schemas"]["ErrInternalServerError"];
3557
+ };
3558
+ };
3559
+ };
3560
+ };
3561
+ getIdentity: {
3562
+ parameters: {
3563
+ query?: {
3564
+ identityId?: string;
3565
+ externalId?: string;
1951
3566
  };
1952
3567
  };
1953
3568
  responses: {
1954
- /** @description The key ids of all created keys */
3569
+ /** @description The configuration for an api */
1955
3570
  200: {
1956
3571
  content: {
1957
3572
  "application/json": {
1958
- /**
1959
- * @description The ids of the keys. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.
1960
- * @example [
1961
- * "key_123",
1962
- * "key_456"
1963
- * ]
3573
+ /** @description The id of this identity. Used to interact with unkey's API */
3574
+ id: string;
3575
+ /** @description The id in your system */
3576
+ externalId: string;
3577
+ /** @description The meta object defined for this identity. */
3578
+ meta: {
3579
+ [key: string]: unknown;
3580
+ };
3581
+ /** @description When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits. */
3582
+ ratelimits: {
3583
+ /**
3584
+ * @description The name of this limit. You will need to use this again when verifying a key.
3585
+ * @example tokens
3586
+ */
3587
+ name: string;
3588
+ /**
3589
+ * @description How many requests may pass within a given window before requests are rejected.
3590
+ * @example 10
3591
+ */
3592
+ limit: number;
3593
+ /**
3594
+ * @description The duration for each ratelimit window in milliseconds.
3595
+ * @example 1000
3596
+ */
3597
+ duration: number;
3598
+ }[];
3599
+ };
3600
+ };
3601
+ };
3602
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3603
+ 400: {
3604
+ content: {
3605
+ "application/json": components["schemas"]["ErrBadRequest"];
3606
+ };
3607
+ };
3608
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3609
+ 401: {
3610
+ content: {
3611
+ "application/json": components["schemas"]["ErrUnauthorized"];
3612
+ };
3613
+ };
3614
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3615
+ 403: {
3616
+ content: {
3617
+ "application/json": components["schemas"]["ErrForbidden"];
3618
+ };
3619
+ };
3620
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3621
+ 404: {
3622
+ content: {
3623
+ "application/json": components["schemas"]["ErrNotFound"];
3624
+ };
3625
+ };
3626
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3627
+ 409: {
3628
+ content: {
3629
+ "application/json": components["schemas"]["ErrConflict"];
3630
+ };
3631
+ };
3632
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3633
+ 429: {
3634
+ content: {
3635
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3636
+ };
3637
+ };
3638
+ /** @description The server has encountered a situation it does not know how to handle. */
3639
+ 500: {
3640
+ content: {
3641
+ "application/json": components["schemas"]["ErrInternalServerError"];
3642
+ };
3643
+ };
3644
+ };
3645
+ };
3646
+ listIdentities: {
3647
+ parameters: {
3648
+ query?: {
3649
+ environment?: string;
3650
+ limit?: number;
3651
+ cursor?: string;
3652
+ };
3653
+ };
3654
+ responses: {
3655
+ /** @description A list of identities. */
3656
+ 200: {
3657
+ content: {
3658
+ "application/json": {
3659
+ /** @description A list of identities. */
3660
+ identities: {
3661
+ /** @description The id of this identity. Used to interact with unkey's API */
3662
+ id: string;
3663
+ /** @description The id in your system */
3664
+ externalId: string;
3665
+ /** @description When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits. */
3666
+ ratelimits: {
3667
+ /**
3668
+ * @description The name of this limit. You will need to use this again when verifying a key.
3669
+ * @example tokens
3670
+ */
3671
+ name: string;
3672
+ /**
3673
+ * @description How many requests may pass within a given window before requests are rejected.
3674
+ * @example 10
3675
+ */
3676
+ limit: number;
3677
+ /**
3678
+ * @description The duration for each ratelimit window in milliseconds.
3679
+ * @example 1000
3680
+ */
3681
+ duration: number;
3682
+ }[];
3683
+ }[];
3684
+ /**
3685
+ * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
3686
+ * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1964
3687
  */
1965
- keyIds: string[];
3688
+ cursor?: string;
3689
+ /** @description The total number of identities for this environment */
3690
+ total: number;
1966
3691
  };
1967
3692
  };
1968
3693
  };
@@ -2010,166 +3735,140 @@ interface operations {
2010
3735
  };
2011
3736
  };
2012
3737
  };
2013
- "v1.migrations.enqueueKeys": {
3738
+ updateIdentity: {
2014
3739
  requestBody: {
2015
3740
  content: {
2016
3741
  "application/json": {
2017
- /** @description Contact support@unkey.dev to receive your migration id. */
2018
- migrationId: string;
2019
- /** @description The id of the api, you want to migrate keys to */
2020
- apiId: string;
2021
- keys: ({
2022
- /**
2023
- * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2024
- *
2025
- * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2026
- *
2027
- * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2028
- */
2029
- prefix?: string;
2030
- /**
2031
- * @description The name for your Key. This is not customer facing.
2032
- * @example my key
2033
- */
2034
- name?: string;
2035
- /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2036
- plaintext?: string;
2037
- /** @description Provide either `hash` or `plaintext` */
2038
- hash?: {
2039
- /** @description The hashed and encoded key */
2040
- value: string;
2041
- /**
2042
- * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2043
- * @enum {string}
2044
- */
2045
- variant: "sha256_base64";
2046
- };
2047
- /**
2048
- * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2049
- * @example unkey_32kq
2050
- */
2051
- start?: string;
2052
- /**
2053
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2054
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2055
- * @example team_123
2056
- */
2057
- ownerId?: string;
2058
- /**
2059
- * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2060
- * @example {
2061
- * "billingTier": "PRO",
2062
- * "trialEnds": "2023-06-16T17:16:37.161Z"
2063
- * }
2064
- */
2065
- meta?: {
2066
- [key: string]: unknown;
2067
- };
2068
- /**
2069
- * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2070
- * @example [
2071
- * "admin",
2072
- * "finance"
2073
- * ]
2074
- */
2075
- roles?: string[];
3742
+ /**
3743
+ * @description The id of the identity to update, use either `identityId` or `externalId`, if both are provided, `identityId` takes precedence.
3744
+ * @example id_1234
3745
+ */
3746
+ identityId?: string;
3747
+ /**
3748
+ * @description The externalId of the identity to update, use either `identityId` or `externalId`, if both are provided, `identityId` takes precedence.
3749
+ * @example user_1234
3750
+ */
3751
+ externalId?: string;
3752
+ /**
3753
+ * @description This is not yet used but here for future compatibility.
3754
+ * @default default
3755
+ */
3756
+ environment?: string;
3757
+ /**
3758
+ * @description Attach metadata to this identity that you need to have access to when verifying a key.
3759
+ *
3760
+ * Set to `{}` to clear.
3761
+ *
3762
+ * This will be returned as part of the `verifyKey` response.
3763
+ */
3764
+ meta?: {
3765
+ [key: string]: unknown;
3766
+ };
3767
+ /**
3768
+ * @description Attach ratelimits to this identity.
3769
+ *
3770
+ * This overwrites all existing ratelimits on this identity.
3771
+ * Setting an empty array will delete all existing ratelimits.
3772
+ *
3773
+ * When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits.
3774
+ */
3775
+ ratelimits?: {
2076
3776
  /**
2077
- * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2078
- * @example [
2079
- * "domains.create_record",
2080
- * "say_hello"
2081
- * ]
3777
+ * @description The name of this limit. You will need to use this again when verifying a key.
3778
+ * @example tokens
2082
3779
  */
2083
- permissions?: string[];
3780
+ name: string;
2084
3781
  /**
2085
- * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2086
- * @example 1623869797161
3782
+ * @description How many requests may pass within a given window before requests are rejected.
3783
+ * @example 10
2087
3784
  */
2088
- expires?: number;
3785
+ limit: number;
2089
3786
  /**
2090
- * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
3787
+ * @description The duration for each ratelimit window in milliseconds.
2091
3788
  * @example 1000
2092
3789
  */
2093
- remaining?: number;
2094
- /**
2095
- * @description Unkey enables you to refill verifications for each key at regular intervals.
2096
- * @example {
2097
- * "interval": "daily",
2098
- * "amount": 100
2099
- * }
2100
- */
2101
- refill?: {
2102
- /**
2103
- * @description Unkey will automatically refill verifications at the set interval.
2104
- * @enum {string}
2105
- */
2106
- interval: "daily" | "monthly";
2107
- /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2108
- amount: number;
2109
- };
2110
- /**
2111
- * @description Unkey comes with per-key fixed-window ratelimiting out of the box.
2112
- * @example {
2113
- * "type": "fast",
2114
- * "limit": 10,
2115
- * "duration": 60000
2116
- * }
2117
- */
2118
- ratelimit?: {
2119
- /**
2120
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2121
- * @default true
2122
- */
2123
- async?: boolean;
2124
- /**
2125
- * @deprecated
2126
- * @description Deprecated, use `async`. Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2127
- * @default fast
2128
- * @enum {string}
2129
- */
2130
- type?: "fast" | "consistent";
2131
- /** @description The total amount of requests in a given interval. */
2132
- limit: number;
2133
- /**
2134
- * @description The window duration in milliseconds
2135
- * @example 60000
2136
- */
2137
- duration: number;
2138
- /**
2139
- * @deprecated
2140
- * @description How many tokens to refill during each refillInterval.
2141
- */
2142
- refillRate?: number;
2143
- /**
2144
- * @deprecated
2145
- * @description The refill timeframe, in milliseconds.
2146
- */
2147
- refillInterval?: number;
2148
- };
3790
+ duration: number;
3791
+ }[];
3792
+ };
3793
+ };
3794
+ };
3795
+ responses: {
3796
+ /** @description The identity after the update. */
3797
+ 200: {
3798
+ content: {
3799
+ "application/json": {
2149
3800
  /**
2150
- * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2151
- * @default true
2152
- * @example false
3801
+ * @description The id of the permission. This is used internally
3802
+ * @example perm_123
2153
3803
  */
2154
- enabled?: boolean;
3804
+ id: string;
2155
3805
  /**
2156
- * @description Environments allow you to divide your keyspace.
2157
- *
2158
- * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2159
- * give the developer a way to develop their own application without the risk of modifying real world
2160
- * resources.
2161
- *
2162
- * When you set an environment, we will return it back to you when validating the key, so you can
2163
- * handle it correctly.
3806
+ * @description The name of the permission
3807
+ * @example dns.record.create
2164
3808
  */
2165
- environment?: string;
2166
- })[];
3809
+ name: string;
3810
+ }[];
3811
+ };
3812
+ };
3813
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3814
+ 400: {
3815
+ content: {
3816
+ "application/json": components["schemas"]["ErrBadRequest"];
3817
+ };
3818
+ };
3819
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3820
+ 401: {
3821
+ content: {
3822
+ "application/json": components["schemas"]["ErrUnauthorized"];
3823
+ };
3824
+ };
3825
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3826
+ 403: {
3827
+ content: {
3828
+ "application/json": components["schemas"]["ErrForbidden"];
3829
+ };
3830
+ };
3831
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3832
+ 404: {
3833
+ content: {
3834
+ "application/json": components["schemas"]["ErrNotFound"];
3835
+ };
3836
+ };
3837
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3838
+ 409: {
3839
+ content: {
3840
+ "application/json": components["schemas"]["ErrConflict"];
3841
+ };
3842
+ };
3843
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3844
+ 429: {
3845
+ content: {
3846
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3847
+ };
3848
+ };
3849
+ /** @description The server has encountered a situation it does not know how to handle. */
3850
+ 500: {
3851
+ content: {
3852
+ "application/json": components["schemas"]["ErrInternalServerError"];
3853
+ };
3854
+ };
3855
+ };
3856
+ };
3857
+ deleteeIdentity: {
3858
+ requestBody: {
3859
+ content: {
3860
+ "application/json": {
3861
+ /**
3862
+ * @description The id of the identity to delete
3863
+ * @example id_1234
3864
+ */
3865
+ identityId: string;
2167
3866
  };
2168
3867
  };
2169
3868
  };
2170
3869
  responses: {
2171
- /** @description The key ids of all created keys */
2172
- 202: {
3870
+ /** @description The identity was successfully deleted, it may take up to 30s for this to take effect in all regions */
3871
+ 200: {
2173
3872
  content: {
2174
3873
  "application/json": Record<string, never>;
2175
3874
  };
@@ -2474,7 +4173,7 @@ interface operations {
2474
4173
  * @example NOT_FOUND
2475
4174
  * @enum {string}
2476
4175
  */
2477
- code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
4176
+ code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
2478
4177
  };
2479
4178
  };
2480
4179
  };
@@ -2676,32 +4375,10 @@ declare class Unkey {
2676
4375
  get keys(): {
2677
4376
  create: (req: paths["/v1/keys.createKey"]["post"]["requestBody"]["content"]["application/json"]) => Promise<Result<paths["/v1/keys.createKey"]["post"]["responses"]["200"]["content"]["application/json"]>>;
2678
4377
  update: (req: paths["/v1/keys.updateKey"]["post"]["requestBody"]["content"]["application/json"]) => Promise<Result<paths["/v1/keys.updateKey"]["post"]["responses"]["200"]["content"]["application/json"]>>;
2679
- verify: <TPermission extends string = string>(req: Omit<{
2680
- apiId?: string | undefined;
2681
- key: string;
2682
- authorization?: {
2683
- permissions?: string | {
2684
- and: (string | any | {
2685
- or: (string | any | any | null)[];
2686
- } | null)[];
2687
- } | {
2688
- or: (string | any | any | null)[];
2689
- } | null | undefined;
2690
- } | undefined;
2691
- ratelimit?: {
2692
- cost?: number | undefined;
2693
- } | undefined;
2694
- ratelimits?: {
2695
- name: string;
2696
- cost?: number | undefined;
2697
- identifier?: string | undefined;
2698
- limit?: number | undefined;
2699
- duration?: number | undefined;
2700
- }[] | undefined;
2701
- }, "authorization"> & {
4378
+ verify: <TPermission extends string = string>(req: Omit<paths["/v1/keys.verifyKey"]["post"]["requestBody"]["content"]["application/json"], "authorization"> & {
2702
4379
  authorization?: {
2703
4380
  permissions: PermissionQuery<TPermission>;
2704
- } | undefined;
4381
+ };
2705
4382
  }) => Promise<Result<paths["/v1/keys.verifyKey"]["post"]["responses"]["200"]["content"]["application/json"]>>;
2706
4383
  delete: (req: paths["/v1/keys.deleteKey"]["post"]["requestBody"]["content"]["application/json"]) => Promise<Result<paths["/v1/keys.deleteKey"]["post"]["responses"]["200"]["content"]["application/json"]>>;
2707
4384
  updateRemaining: (req: paths["/v1/keys.updateRemaining"]["post"]["requestBody"]["content"]["application/json"]) => Promise<Result<paths["/v1/keys.updateRemaining"]["post"]["responses"]["200"]["content"]["application/json"]>>;
@@ -2748,35 +4425,37 @@ declare function verifyKey(req: string | {
2748
4425
  key: string;
2749
4426
  apiId: string;
2750
4427
  }): Promise<{
2751
- result?: undefined;
2752
- error: {
2753
- code: "INTERNAL_SERVER_ERROR";
2754
- docs: string;
2755
- message: string;
2756
- requestId: string;
2757
- };
4428
+ result?: never;
4429
+ error: ErrorResponse["error"];
2758
4430
  } | {
2759
4431
  result: {
2760
- keyId?: string | undefined;
4432
+ keyId?: string;
2761
4433
  valid: boolean;
2762
- name?: string | undefined;
2763
- ownerId?: string | undefined;
4434
+ name?: string;
4435
+ ownerId?: string;
2764
4436
  meta?: {
2765
4437
  [key: string]: unknown;
2766
- } | undefined;
2767
- expires?: number | undefined;
4438
+ };
4439
+ expires?: number;
2768
4440
  ratelimit?: {
2769
4441
  limit: number;
2770
4442
  remaining: number;
2771
4443
  reset: number;
2772
- } | undefined;
2773
- remaining?: number | undefined;
2774
- code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
2775
- enabled?: boolean | undefined;
2776
- permissions?: string[] | undefined;
2777
- environment?: string | undefined;
2778
- };
2779
- error?: undefined;
4444
+ };
4445
+ remaining?: number;
4446
+ code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
4447
+ enabled?: boolean;
4448
+ permissions?: string[];
4449
+ environment?: string;
4450
+ identity?: {
4451
+ id: string;
4452
+ externalId: string;
4453
+ meta: {
4454
+ [key: string]: unknown;
4455
+ };
4456
+ };
4457
+ };
4458
+ error?: never;
2780
4459
  }>;
2781
4460
 
2782
4461
  export { type ErrorResponse, Unkey, type UnkeyOptions, verifyKey };