@unkey/api 0.22.1 → 0.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.d.mts +2202 -437
  2. package/dist/index.d.ts +2202 -437
  3. package/dist/index.js +1 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/index.mjs +1 -1
  6. package/dist/index.mjs.map +1 -1
  7. package/package.json +1 -1
package/dist/index.d.ts CHANGED
@@ -37,6 +37,24 @@ interface paths {
37
37
  "/v1/keys.getVerifications": {
38
38
  get: operations["getVerifications"];
39
39
  };
40
+ "/v1/keys.addPermissions": {
41
+ post: operations["addPermissions"];
42
+ };
43
+ "/v1/keys.removePermissions": {
44
+ post: operations["removePermissions"];
45
+ };
46
+ "/v1/keys.setPermissions": {
47
+ post: operations["setPermissions"];
48
+ };
49
+ "/v1/keys.addRoles": {
50
+ post: operations["addRoles"];
51
+ };
52
+ "/v1/keys.removeRoles": {
53
+ post: operations["removeRoles"];
54
+ };
55
+ "/v1/keys.setRoles": {
56
+ post: operations["setRoles"];
57
+ };
40
58
  "/v1/apis.getApi": {
41
59
  get: operations["getApi"];
42
60
  };
@@ -61,6 +79,45 @@ interface paths {
61
79
  "/v1/migrations.enqueueKeys": {
62
80
  post: operations["v1.migrations.enqueueKeys"];
63
81
  };
82
+ "/v1/permissions.createPermission": {
83
+ post: operations["createPermission"];
84
+ };
85
+ "/v1/permissions.deletePermission": {
86
+ post: operations["deletePermission"];
87
+ };
88
+ "/v1/permissions.getPermission": {
89
+ get: operations["getPermission"];
90
+ };
91
+ "/v1/permissions.listPermissions": {
92
+ get: operations["listPermissions"];
93
+ };
94
+ "/v1/permissions.createRole": {
95
+ post: operations["createRole"];
96
+ };
97
+ "/v1/permissions.deleteRole": {
98
+ post: operations["deleteRole"];
99
+ };
100
+ "/v1/permissions.getRole": {
101
+ get: operations["getRole"];
102
+ };
103
+ "/v1/permissions.listRoles": {
104
+ get: operations["listRoles"];
105
+ };
106
+ "/v1/identities.createIdentity": {
107
+ post: operations["createIdentity"];
108
+ };
109
+ "/v1/identities.getIdentity": {
110
+ get: operations["getIdentity"];
111
+ };
112
+ "/v1/identities.listIdentities": {
113
+ get: operations["listIdentities"];
114
+ };
115
+ "/v1/identities.updateIdentity": {
116
+ post: operations["updateIdentity"];
117
+ };
118
+ "/v1/identities.deleteIdentity": {
119
+ post: operations["deleteIdentity"];
120
+ };
64
121
  "/v1/keys": {
65
122
  post: operations["deprecated.createKey"];
66
123
  };
@@ -283,11 +340,6 @@ interface components {
283
340
  * @example 0
284
341
  */
285
342
  updatedAt?: number;
286
- /**
287
- * @description The unix timestamp in milliseconds when the key was deleted. We don't delete the key outright, you can restore it later.
288
- * @example 0
289
- */
290
- deletedAt?: number;
291
343
  /**
292
344
  * @description The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.
293
345
  * @example 0
@@ -370,6 +422,17 @@ interface components {
370
422
  enabled?: boolean;
371
423
  /** @description The key in plaintext */
372
424
  plaintext?: string;
425
+ /** @description The identity of the key */
426
+ identity?: {
427
+ /** @description The id of the identity */
428
+ id: string;
429
+ /** @description The external id of the identity */
430
+ externalId: string;
431
+ /** @description Any additional metadata attached to the identity */
432
+ meta?: {
433
+ [key: string]: unknown;
434
+ };
435
+ };
373
436
  };
374
437
  V1KeysVerifyKeyResponse: {
375
438
  /**
@@ -412,7 +475,7 @@ interface components {
412
475
  */
413
476
  expires?: number;
414
477
  /**
415
- * @description Multi ratelimits TODO:
478
+ * @description The ratelimit configuration for this key. If this field is null or undefined, the key has no ratelimit.
416
479
  * @example {
417
480
  * "limit": 10,
418
481
  * "remaining": 9,
@@ -452,10 +515,11 @@ interface components {
452
515
  * - UNAUTHORIZED: the key is not authorized
453
516
  * - DISABLED: the key is disabled
454
517
  * - INSUFFICIENT_PERMISSIONS: you do not have the required permissions to perform this action
518
+ * - EXPIRED: The key was only valid for a certain time and has expired.
455
519
  *
456
520
  * @enum {string}
457
521
  */
458
- code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
522
+ code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
459
523
  /** @description Sets the key to be enabled or disabled. Disabled keys will not verify. */
460
524
  enabled?: boolean;
461
525
  /**
@@ -471,6 +535,14 @@ interface components {
471
535
  * @example test
472
536
  */
473
537
  environment?: string;
538
+ /** @description The associated identity of this key. */
539
+ identity?: {
540
+ id: string;
541
+ externalId: string;
542
+ meta: {
543
+ [key: string]: unknown;
544
+ };
545
+ };
474
546
  };
475
547
  /** @description A query for which permissions you require */
476
548
  PermissionQuery: OneOf<[string, {
@@ -494,6 +566,10 @@ interface components {
494
566
  authorization?: {
495
567
  permissions?: components["schemas"]["PermissionQuery"];
496
568
  };
569
+ /**
570
+ * @deprecated
571
+ * @description Use 'ratelimits' with `[{ name: "default", cost: 2}]`
572
+ */
497
573
  ratelimit?: {
498
574
  /**
499
575
  * @description Override how many tokens are deducted during the ratelimit operation.
@@ -501,9 +577,25 @@ interface components {
501
577
  */
502
578
  cost?: number;
503
579
  };
580
+ /**
581
+ * @description You can check against multiple ratelimits when verifying a key. Let's say you are building an app that uses AI under the hood and you want to limit your customers to 500 requests per hour, but also ensure they use up less than 20k tokens per day.
582
+ *
583
+ * @example [
584
+ * {
585
+ * "name": "requests",
586
+ * "limit": 500,
587
+ * "duration": 3600000
588
+ * },
589
+ * {
590
+ * "name": "tokens",
591
+ * "limit": 20000,
592
+ * "duration": 86400000
593
+ * }
594
+ * ]
595
+ */
504
596
  ratelimits?: {
505
597
  /**
506
- * @description The name of the ratelimit
598
+ * @description The name of the ratelimit.
507
599
  * @example tokens
508
600
  */
509
601
  name: string;
@@ -512,17 +604,34 @@ interface components {
512
604
  * @default 1
513
605
  */
514
606
  cost?: number;
515
- /**
516
- * @description The identifier used for ratelimiting. If omitted, we use the key's id.
517
- * @default key id
518
- */
519
- identifier?: string;
520
607
  /** @description Optionally override the limit. */
521
608
  limit?: number;
522
609
  /** @description Optionally override the ratelimit window duration. */
523
610
  duration?: number;
524
611
  }[];
525
612
  };
613
+ ErrDeleteProtected: {
614
+ error: {
615
+ /**
616
+ * @description A machine readable error code.
617
+ * @example DELETE_PROTECTED
618
+ * @enum {string}
619
+ */
620
+ code: "DELETE_PROTECTED";
621
+ /**
622
+ * @description A link to our documentation with more details about this error code
623
+ * @example https://unkey.dev/docs/api-reference/errors/code/DELETE_PROTECTED
624
+ */
625
+ docs: string;
626
+ /** @description A human readable explanation of what went wrong */
627
+ message: string;
628
+ /**
629
+ * @description Please always include the requestId in your error report
630
+ * @example req_1234
631
+ */
632
+ requestId: string;
633
+ };
634
+ };
526
635
  };
527
636
  responses: never;
528
637
  parameters: {
@@ -756,11 +865,17 @@ interface operations {
756
865
  */
757
866
  byteLength?: number;
758
867
  /**
759
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
760
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
868
+ * @deprecated
869
+ * @description Deprecated, use `externalId`
761
870
  * @example team_123
762
871
  */
763
872
  ownerId?: string;
873
+ /**
874
+ * @description Your user's Id. This will provide a link between Unkey and your customer record.
875
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
876
+ * @example team_123
877
+ */
878
+ externalId?: string;
764
879
  /**
765
880
  * @description This is a place for dynamic meta data, anything that feels useful for you should go here
766
881
  * @example {
@@ -858,6 +973,15 @@ interface operations {
858
973
  * @example false
859
974
  */
860
975
  enabled?: boolean;
976
+ /**
977
+ * @description You may want to show keys again later. While we do not recommend this, we leave this option open for you.
978
+ *
979
+ * In addition to storing the key's hash, recoverable keys are stored in an encrypted vault, allowing you to retrieve and display the plaintext later.
980
+ *
981
+ * https://www.unkey.com/docs/security/recovering-keys for more information.
982
+ * @default false
983
+ */
984
+ recoverable?: boolean;
861
985
  /**
862
986
  * @description Environments allow you to divide your keyspace.
863
987
  *
@@ -1041,24 +1165,33 @@ interface operations {
1041
1165
  /**
1042
1166
  * @deprecated
1043
1167
  * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
1168
+ * Deprecated, use 'async' instead
1044
1169
  * @enum {string}
1045
1170
  */
1046
1171
  type?: "fast" | "consistent";
1047
1172
  /**
1048
- * @description Asnyc ratelimiting doesn't add latency, while sync ratelimiting is more accurate.
1173
+ * @description Asnyc ratelimiting doesn't add latency, while sync ratelimiting is slightly more accurate.
1049
1174
  * @default false
1050
1175
  */
1051
1176
  async?: boolean;
1052
- /** @description The total amount of burstable requests. */
1177
+ /** @description The total amount of requests allowed in a single window. */
1053
1178
  limit: number;
1054
1179
  /**
1055
1180
  * @deprecated
1056
1181
  * @description How many tokens to refill during each refillInterval.
1182
+ * Deprecated, use 'limit' instead.
1057
1183
  */
1058
1184
  refillRate?: number;
1059
- /** @description Determines the speed at which tokens are refilled, in milliseconds. */
1060
- refillInterval: number;
1061
- /** @description The duration of each ratelimit window, in milliseconds. */
1185
+ /**
1186
+ * @deprecated
1187
+ * @description Determines the speed at which tokens are refilled, in milliseconds.
1188
+ * Deprecated, use 'duration'
1189
+ */
1190
+ refillInterval?: number;
1191
+ /**
1192
+ * @description The duration of each ratelimit window, in milliseconds.
1193
+ * This field will become required in a future version.
1194
+ */
1062
1195
  duration?: number;
1063
1196
  }) | null;
1064
1197
  /**
@@ -1087,6 +1220,60 @@ interface operations {
1087
1220
  * @example true
1088
1221
  */
1089
1222
  enabled?: boolean;
1223
+ /**
1224
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1225
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1226
+ * @example [
1227
+ * {
1228
+ * "id": "perm_123"
1229
+ * },
1230
+ * {
1231
+ * "name": "dns.record.create"
1232
+ * },
1233
+ * {
1234
+ * "name": "dns.record.delete",
1235
+ * "create": true
1236
+ * }
1237
+ * ]
1238
+ */
1239
+ roles?: {
1240
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1241
+ id?: string;
1242
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1243
+ name?: string;
1244
+ /**
1245
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1246
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1247
+ */
1248
+ create?: boolean;
1249
+ }[];
1250
+ /**
1251
+ * @description The permissions you want to set for this key. This overwrites all existing permissions.
1252
+ * Setting permissions requires the `rbac.*.add_permission_to_key` permission.
1253
+ * @example [
1254
+ * {
1255
+ * "id": "perm_123"
1256
+ * },
1257
+ * {
1258
+ * "name": "dns.record.create"
1259
+ * },
1260
+ * {
1261
+ * "name": "dns.record.delete",
1262
+ * "create": true
1263
+ * }
1264
+ * ]
1265
+ */
1266
+ permissions?: {
1267
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1268
+ id?: string;
1269
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1270
+ name?: string;
1271
+ /**
1272
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1273
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1274
+ */
1275
+ create?: boolean;
1276
+ }[];
1090
1277
  };
1091
1278
  };
1092
1279
  };
@@ -1304,33 +1491,43 @@ interface operations {
1304
1491
  };
1305
1492
  };
1306
1493
  };
1307
- getApi: {
1308
- parameters: {
1309
- query: {
1310
- apiId: string;
1494
+ addPermissions: {
1495
+ requestBody: {
1496
+ content: {
1497
+ "application/json": {
1498
+ /** @description The id of the key. */
1499
+ keyId: string;
1500
+ /** @description The permissions you want to add to this key */
1501
+ permissions: {
1502
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1503
+ id?: string;
1504
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1505
+ name?: string;
1506
+ /**
1507
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1508
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1509
+ */
1510
+ create?: boolean;
1511
+ }[];
1512
+ };
1311
1513
  };
1312
1514
  };
1313
1515
  responses: {
1314
- /** @description The configuration for an api */
1516
+ /** @description All currently connected permissions */
1315
1517
  200: {
1316
1518
  content: {
1317
1519
  "application/json": {
1318
- /**
1319
- * @description The id of the key
1320
- * @example key_1234
1321
- */
1322
- id: string;
1323
- /**
1324
- * @description The id of the workspace that owns the api
1325
- * @example ws_1234
1326
- */
1327
- workspaceId: string;
1328
- /**
1329
- * @description The name of the api. This is internal and your users will not see this.
1330
- * @example Unkey - Production
1331
- */
1332
- name?: string;
1333
- };
1520
+ /**
1521
+ * @description The id of the permission. This is used internally
1522
+ * @example perm_123
1523
+ */
1524
+ id: string;
1525
+ /**
1526
+ * @description The name of the permission
1527
+ * @example dns.record.create
1528
+ */
1529
+ name: string;
1530
+ }[];
1334
1531
  };
1335
1532
  };
1336
1533
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1377,29 +1574,37 @@ interface operations {
1377
1574
  };
1378
1575
  };
1379
1576
  };
1380
- createApi: {
1577
+ removePermissions: {
1381
1578
  requestBody: {
1382
1579
  content: {
1383
1580
  "application/json": {
1581
+ /** @description The id of the key. */
1582
+ keyId: string;
1384
1583
  /**
1385
- * @description The name for your API. This is not customer facing.
1386
- * @example my-api
1584
+ * @description The permissions you want to remove from this key.
1585
+ * @example [
1586
+ * {
1587
+ * "id": "perm_123"
1588
+ * },
1589
+ * {
1590
+ * "name": "dns.record.create"
1591
+ * }
1592
+ * ]
1387
1593
  */
1388
- name: string;
1594
+ permissions: {
1595
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1596
+ id?: string;
1597
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1598
+ name?: string;
1599
+ }[];
1389
1600
  };
1390
1601
  };
1391
1602
  };
1392
1603
  responses: {
1393
- /** @description The configuration for an api */
1604
+ /** @description Success */
1394
1605
  200: {
1395
1606
  content: {
1396
- "application/json": {
1397
- /**
1398
- * @description The id of the api
1399
- * @example api_134
1400
- */
1401
- apiId: string;
1402
- };
1607
+ "application/json": Record<string, never>;
1403
1608
  };
1404
1609
  };
1405
1610
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1446,30 +1651,58 @@ interface operations {
1446
1651
  };
1447
1652
  };
1448
1653
  };
1449
- listKeys: {
1450
- parameters: {
1451
- query: {
1452
- apiId: string;
1453
- limit?: number;
1454
- cursor?: string;
1455
- ownerId?: string;
1456
- decrypt?: boolean | null;
1654
+ setPermissions: {
1655
+ requestBody: {
1656
+ content: {
1657
+ "application/json": {
1658
+ /** @description The id of the key. */
1659
+ keyId: string;
1660
+ /**
1661
+ * @description The permissions you want to set for this key. This overwrites all existing permissions.
1662
+ * Setting permissions requires the `rbac.*.add_permission_to_key` permission.
1663
+ * @example [
1664
+ * {
1665
+ * "id": "perm_123"
1666
+ * },
1667
+ * {
1668
+ * "name": "dns.record.create"
1669
+ * },
1670
+ * {
1671
+ * "name": "dns.record.delete",
1672
+ * "create": true
1673
+ * }
1674
+ * ]
1675
+ */
1676
+ permissions: {
1677
+ /** @description The id of the permission. Provide either `id` or `name`. If both are provided `id` is used. */
1678
+ id?: string;
1679
+ /** @description Identify the permission via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1680
+ name?: string;
1681
+ /**
1682
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1683
+ * Autocreating permissions requires your root key to have the `rbac.*.create_permission` permission, otherwise the request will get rejected
1684
+ */
1685
+ create?: boolean;
1686
+ }[];
1687
+ };
1457
1688
  };
1458
1689
  };
1459
1690
  responses: {
1460
- /** @description The configuration for an api */
1691
+ /** @description All currently connected permissions */
1461
1692
  200: {
1462
1693
  content: {
1463
1694
  "application/json": {
1464
- keys: components["schemas"]["Key"][];
1465
- /**
1466
- * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
1467
- * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1468
- */
1469
- cursor?: string;
1470
- /** @description The total number of keys for this api */
1471
- total: number;
1472
- };
1695
+ /**
1696
+ * @description The id of the permission. This is used internally
1697
+ * @example perm_123
1698
+ */
1699
+ id: string;
1700
+ /**
1701
+ * @description The name of the permission
1702
+ * @example dns.record.create
1703
+ */
1704
+ name: string;
1705
+ }[];
1473
1706
  };
1474
1707
  };
1475
1708
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1516,23 +1749,58 @@ interface operations {
1516
1749
  };
1517
1750
  };
1518
1751
  };
1519
- deleteApi: {
1752
+ addRoles: {
1520
1753
  requestBody: {
1521
1754
  content: {
1522
1755
  "application/json": {
1756
+ /** @description The id of the key. */
1757
+ keyId: string;
1523
1758
  /**
1524
- * @description The id of the api to delete
1525
- * @example api_1234
1759
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1760
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1761
+ * @example [
1762
+ * {
1763
+ * "id": "role_123"
1764
+ * },
1765
+ * {
1766
+ * "name": "dns.record.create"
1767
+ * },
1768
+ * {
1769
+ * "name": "dns.record.delete",
1770
+ * "create": true
1771
+ * }
1772
+ * ]
1526
1773
  */
1527
- apiId: string;
1774
+ roles: {
1775
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1776
+ id?: string;
1777
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1778
+ name?: string;
1779
+ /**
1780
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1781
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1782
+ */
1783
+ create?: boolean;
1784
+ }[];
1528
1785
  };
1529
1786
  };
1530
1787
  };
1531
1788
  responses: {
1532
- /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
1789
+ /** @description All currently connected roles */
1533
1790
  200: {
1534
1791
  content: {
1535
- "application/json": Record<string, never>;
1792
+ "application/json": {
1793
+ /**
1794
+ * @description The id of the role. This is used internally
1795
+ * @example role_123
1796
+ */
1797
+ id: string;
1798
+ /**
1799
+ * @description The name of the role
1800
+ * @example dns.record.create
1801
+ */
1802
+ name: string;
1803
+ }[];
1536
1804
  };
1537
1805
  };
1538
1806
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1579,31 +1847,37 @@ interface operations {
1579
1847
  };
1580
1848
  };
1581
1849
  };
1582
- deleteKeys: {
1850
+ removeRoles: {
1583
1851
  requestBody: {
1584
1852
  content: {
1585
1853
  "application/json": {
1854
+ /** @description The id of the key. */
1855
+ keyId: string;
1586
1856
  /**
1587
- * @description The id of the api, that the keys belong to.
1588
- * @example api_1234
1589
- */
1590
- apiId: string;
1591
- /**
1592
- * @description If true, the keys will be permanently deleted. If false, the keys will be soft-deleted and can be restored later.
1593
- * @default false
1857
+ * @description The roles you want to remove from this key.
1858
+ * @example [
1859
+ * {
1860
+ * "id": "role_123"
1861
+ * },
1862
+ * {
1863
+ * "name": "dns.record.create"
1864
+ * }
1865
+ * ]
1594
1866
  */
1595
- permanent?: boolean;
1867
+ roles: {
1868
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1869
+ id?: string;
1870
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1871
+ name?: string;
1872
+ }[];
1596
1873
  };
1597
1874
  };
1598
1875
  };
1599
1876
  responses: {
1600
- /** @description The keys have been deleted */
1877
+ /** @description Success */
1601
1878
  200: {
1602
1879
  content: {
1603
- "application/json": {
1604
- /** @description The number of keys that were deleted */
1605
- deletedKeys: number;
1606
- };
1880
+ "application/json": Record<string, never>;
1607
1881
  };
1608
1882
  };
1609
1883
  /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
@@ -1650,107 +1924,130 @@ interface operations {
1650
1924
  };
1651
1925
  };
1652
1926
  };
1653
- limit: {
1927
+ setRoles: {
1654
1928
  requestBody: {
1655
1929
  content: {
1656
1930
  "application/json": {
1931
+ /** @description The id of the key. */
1932
+ keyId: string;
1657
1933
  /**
1658
- * @description Namespaces group different limits together for better analytics. You might have a namespace for your public API and one for internal tRPC routes.
1659
- * @default default
1660
- * @example email.outbound
1934
+ * @description The roles you want to set for this key. This overwrites all existing roles.
1935
+ * Setting roles requires the `rbac.*.add_role_to_key` permission.
1936
+ * @example [
1937
+ * {
1938
+ * "id": "role_123"
1939
+ * },
1940
+ * {
1941
+ * "name": "dns.record.create"
1942
+ * },
1943
+ * {
1944
+ * "name": "dns.record.delete",
1945
+ * "create": true
1946
+ * }
1947
+ * ]
1661
1948
  */
1662
- namespace?: string;
1663
- /**
1664
- * @description Identifier of your user, this can be their userId, an email, an ip or anything else.
1665
- * @example user_123
1666
- */
1667
- identifier: string;
1668
- /**
1669
- * @description How many requests may pass in a given window.
1670
- * @example 10
1671
- */
1672
- limit: number;
1673
- /**
1674
- * @description The window duration in milliseconds
1675
- * @example 60000
1676
- */
1677
- duration: number;
1678
- /**
1679
- * @description Expensive requests may use up more tokens. You can specify a cost to the request here and we'll deduct this many tokens in the current window.
1680
- * If there are not enough tokens left, the request is denied.
1681
- *
1682
- * Set it to 0 to receive the current limit without changing anything.
1683
- * @default 1
1684
- * @example 2
1685
- */
1686
- cost?: number;
1687
- /**
1688
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
1689
- * @default false
1690
- */
1691
- async?: boolean;
1692
- /** @description Attach any metadata to this request */
1693
- meta?: {
1694
- [key: string]: unknown;
1695
- };
1696
- /**
1697
- * @description Resources that are about to be accessed by the user
1698
- * @example [
1699
- * {
1700
- * "type": "project",
1701
- * "id": "p_123",
1702
- * "name": "dub"
1703
- * }
1704
- * ]
1705
- */
1706
- resources?: {
1949
+ roles: {
1950
+ /** @description The id of the role. Provide either `id` or `name`. If both are provided `id` is used. */
1951
+ id?: string;
1952
+ /** @description Identify the role via its name. Provide either `id` or `name`. If both are provided `id` is used. */
1953
+ name?: string;
1707
1954
  /**
1708
- * @description The type of resource
1709
- * @example organization
1955
+ * @description Set to true to automatically create the permissions they do not exist yet. Only works when specifying `name`.
1956
+ * Autocreating roles requires your root key to have the `rbac.*.create_role` permission, otherwise the request will get rejected
1710
1957
  */
1711
- type: string;
1958
+ create?: boolean;
1959
+ }[];
1960
+ };
1961
+ };
1962
+ };
1963
+ responses: {
1964
+ /** @description All currently connected roles */
1965
+ 200: {
1966
+ content: {
1967
+ "application/json": {
1712
1968
  /**
1713
- * @description The unique identifier for the resource
1714
- * @example org_123
1969
+ * @description The id of the role. This is used internally
1970
+ * @example role_123
1715
1971
  */
1716
1972
  id: string;
1717
1973
  /**
1718
- * @description A human readable name for this resource
1719
- * @example unkey
1974
+ * @description The name of the role
1975
+ * @example dns.record.create
1720
1976
  */
1721
- name?: string;
1722
- /** @description Attach any metadata to this resources */
1723
- meta?: {
1724
- [key: string]: unknown;
1725
- };
1977
+ name: string;
1726
1978
  }[];
1727
1979
  };
1728
1980
  };
1981
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
1982
+ 400: {
1983
+ content: {
1984
+ "application/json": components["schemas"]["ErrBadRequest"];
1985
+ };
1986
+ };
1987
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
1988
+ 401: {
1989
+ content: {
1990
+ "application/json": components["schemas"]["ErrUnauthorized"];
1991
+ };
1992
+ };
1993
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
1994
+ 403: {
1995
+ content: {
1996
+ "application/json": components["schemas"]["ErrForbidden"];
1997
+ };
1998
+ };
1999
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2000
+ 404: {
2001
+ content: {
2002
+ "application/json": components["schemas"]["ErrNotFound"];
2003
+ };
2004
+ };
2005
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2006
+ 409: {
2007
+ content: {
2008
+ "application/json": components["schemas"]["ErrConflict"];
2009
+ };
2010
+ };
2011
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2012
+ 429: {
2013
+ content: {
2014
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2015
+ };
2016
+ };
2017
+ /** @description The server has encountered a situation it does not know how to handle. */
2018
+ 500: {
2019
+ content: {
2020
+ "application/json": components["schemas"]["ErrInternalServerError"];
2021
+ };
2022
+ };
2023
+ };
2024
+ };
2025
+ getApi: {
2026
+ parameters: {
2027
+ query: {
2028
+ apiId: string;
2029
+ };
1729
2030
  };
1730
2031
  responses: {
2032
+ /** @description The configuration for an api */
1731
2033
  200: {
1732
2034
  content: {
1733
2035
  "application/json": {
1734
2036
  /**
1735
- * @description Returns true if the request should be processed, false if it was rejected.
1736
- * @example true
1737
- */
1738
- success: boolean;
1739
- /**
1740
- * @description How many requests are allowed within a window.
1741
- * @example 10
2037
+ * @description The id of the key
2038
+ * @example key_1234
1742
2039
  */
1743
- limit: number;
2040
+ id: string;
1744
2041
  /**
1745
- * @description How many requests can still be made in the current window.
1746
- * @example 9
2042
+ * @description The id of the workspace that owns the api
2043
+ * @example ws_1234
1747
2044
  */
1748
- remaining: number;
2045
+ workspaceId: string;
1749
2046
  /**
1750
- * @description A unix millisecond timestamp when the limits reset.
1751
- * @example 1709804263654
2047
+ * @description The name of the api. This is internal and your users will not see this.
2048
+ * @example Unkey - Production
1752
2049
  */
1753
- reset: number;
2050
+ name?: string;
1754
2051
  };
1755
2052
  };
1756
2053
  };
@@ -1798,171 +2095,1637 @@ interface operations {
1798
2095
  };
1799
2096
  };
1800
2097
  };
1801
- "v1.migrations.createKeys": {
2098
+ createApi: {
1802
2099
  requestBody: {
1803
2100
  content: {
1804
- "application/json": ({
2101
+ "application/json": {
2102
+ /**
2103
+ * @description The name for your API. This is not customer facing.
2104
+ * @example my-api
2105
+ */
2106
+ name: string;
2107
+ };
2108
+ };
2109
+ };
2110
+ responses: {
2111
+ /** @description The configuration for an api */
2112
+ 200: {
2113
+ content: {
2114
+ "application/json": {
1805
2115
  /**
1806
- * @description Choose an `API` where this key should be created.
1807
- * @example api_123
2116
+ * @description The id of the api
2117
+ * @example api_134
1808
2118
  */
1809
2119
  apiId: string;
2120
+ };
2121
+ };
2122
+ };
2123
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2124
+ 400: {
2125
+ content: {
2126
+ "application/json": components["schemas"]["ErrBadRequest"];
2127
+ };
2128
+ };
2129
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2130
+ 401: {
2131
+ content: {
2132
+ "application/json": components["schemas"]["ErrUnauthorized"];
2133
+ };
2134
+ };
2135
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2136
+ 403: {
2137
+ content: {
2138
+ "application/json": components["schemas"]["ErrForbidden"];
2139
+ };
2140
+ };
2141
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2142
+ 404: {
2143
+ content: {
2144
+ "application/json": components["schemas"]["ErrNotFound"];
2145
+ };
2146
+ };
2147
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2148
+ 409: {
2149
+ content: {
2150
+ "application/json": components["schemas"]["ErrConflict"];
2151
+ };
2152
+ };
2153
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2154
+ 429: {
2155
+ content: {
2156
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2157
+ };
2158
+ };
2159
+ /** @description The server has encountered a situation it does not know how to handle. */
2160
+ 500: {
2161
+ content: {
2162
+ "application/json": components["schemas"]["ErrInternalServerError"];
2163
+ };
2164
+ };
2165
+ };
2166
+ };
2167
+ listKeys: {
2168
+ parameters: {
2169
+ query: {
2170
+ apiId: string;
2171
+ limit?: number;
2172
+ cursor?: string;
2173
+ ownerId?: string;
2174
+ externalId?: string;
2175
+ decrypt?: boolean | null;
2176
+ };
2177
+ };
2178
+ responses: {
2179
+ /** @description The configuration for an api */
2180
+ 200: {
2181
+ content: {
2182
+ "application/json": {
2183
+ keys: components["schemas"]["Key"][];
1810
2184
  /**
1811
- * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
1812
- *
1813
- * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
1814
- *
1815
- * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
1816
- */
1817
- prefix?: string;
1818
- /**
1819
- * @description The name for your Key. This is not customer facing.
1820
- * @example my key
1821
- */
1822
- name?: string;
1823
- /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
1824
- plaintext?: string;
1825
- /** @description Provide either `hash` or `plaintext` */
1826
- hash?: {
1827
- /** @description The hashed and encoded key */
1828
- value: string;
1829
- /**
1830
- * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
1831
- * @enum {string}
1832
- */
1833
- variant: "sha256_base64";
1834
- };
1835
- /**
1836
- * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
1837
- * @example unkey_32kq
1838
- */
1839
- start?: string;
1840
- /**
1841
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
1842
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
1843
- * @example team_123
2185
+ * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
2186
+ * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1844
2187
  */
1845
- ownerId?: string;
2188
+ cursor?: string;
2189
+ /** @description The total number of keys for this api */
2190
+ total: number;
2191
+ };
2192
+ };
2193
+ };
2194
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2195
+ 400: {
2196
+ content: {
2197
+ "application/json": components["schemas"]["ErrBadRequest"];
2198
+ };
2199
+ };
2200
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2201
+ 401: {
2202
+ content: {
2203
+ "application/json": components["schemas"]["ErrUnauthorized"];
2204
+ };
2205
+ };
2206
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2207
+ 403: {
2208
+ content: {
2209
+ "application/json": components["schemas"]["ErrForbidden"];
2210
+ };
2211
+ };
2212
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2213
+ 404: {
2214
+ content: {
2215
+ "application/json": components["schemas"]["ErrNotFound"];
2216
+ };
2217
+ };
2218
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2219
+ 409: {
2220
+ content: {
2221
+ "application/json": components["schemas"]["ErrConflict"];
2222
+ };
2223
+ };
2224
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2225
+ 429: {
2226
+ content: {
2227
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2228
+ };
2229
+ };
2230
+ /** @description The server has encountered a situation it does not know how to handle. */
2231
+ 500: {
2232
+ content: {
2233
+ "application/json": components["schemas"]["ErrInternalServerError"];
2234
+ };
2235
+ };
2236
+ };
2237
+ };
2238
+ deleteApi: {
2239
+ requestBody: {
2240
+ content: {
2241
+ "application/json": {
2242
+ /**
2243
+ * @description The id of the api to delete
2244
+ * @example api_1234
2245
+ */
2246
+ apiId: string;
2247
+ };
2248
+ };
2249
+ };
2250
+ responses: {
2251
+ /** @description The api was successfully deleted, it may take up to 30s for this to take effect in all regions */
2252
+ 200: {
2253
+ content: {
2254
+ "application/json": Record<string, never>;
2255
+ };
2256
+ };
2257
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2258
+ 400: {
2259
+ content: {
2260
+ "application/json": components["schemas"]["ErrBadRequest"];
2261
+ };
2262
+ };
2263
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2264
+ 401: {
2265
+ content: {
2266
+ "application/json": components["schemas"]["ErrUnauthorized"];
2267
+ };
2268
+ };
2269
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2270
+ 403: {
2271
+ content: {
2272
+ "application/json": components["schemas"]["ErrForbidden"];
2273
+ };
2274
+ };
2275
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2276
+ 404: {
2277
+ content: {
2278
+ "application/json": components["schemas"]["ErrNotFound"];
2279
+ };
2280
+ };
2281
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2282
+ 409: {
2283
+ content: {
2284
+ "application/json": components["schemas"]["ErrConflict"];
2285
+ };
2286
+ };
2287
+ /** @description The api is protected from deletions */
2288
+ 429: {
2289
+ content: {
2290
+ "application/json": components["schemas"]["ErrDeleteProtected"];
2291
+ };
2292
+ };
2293
+ /** @description The server has encountered a situation it does not know how to handle. */
2294
+ 500: {
2295
+ content: {
2296
+ "application/json": components["schemas"]["ErrInternalServerError"];
2297
+ };
2298
+ };
2299
+ };
2300
+ };
2301
+ deleteKeys: {
2302
+ requestBody: {
2303
+ content: {
2304
+ "application/json": {
2305
+ /**
2306
+ * @description The id of the api, that the keys belong to.
2307
+ * @example api_1234
2308
+ */
2309
+ apiId: string;
2310
+ /**
2311
+ * @description Delete the keys permanently, if false the keys will be marked as deleted but not removed from the database. In either case, the keys will no longer be valid when verifying them.
2312
+ * @default false
2313
+ */
2314
+ permanent?: boolean;
2315
+ };
2316
+ };
2317
+ };
2318
+ responses: {
2319
+ /** @description The keys have been deleted */
2320
+ 200: {
2321
+ content: {
2322
+ "application/json": {
2323
+ /** @description The number of keys that were deleted */
2324
+ deletedKeys: number;
2325
+ };
2326
+ };
2327
+ };
2328
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2329
+ 400: {
2330
+ content: {
2331
+ "application/json": components["schemas"]["ErrBadRequest"];
2332
+ };
2333
+ };
2334
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2335
+ 401: {
2336
+ content: {
2337
+ "application/json": components["schemas"]["ErrUnauthorized"];
2338
+ };
2339
+ };
2340
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2341
+ 403: {
2342
+ content: {
2343
+ "application/json": components["schemas"]["ErrForbidden"];
2344
+ };
2345
+ };
2346
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2347
+ 404: {
2348
+ content: {
2349
+ "application/json": components["schemas"]["ErrNotFound"];
2350
+ };
2351
+ };
2352
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2353
+ 409: {
2354
+ content: {
2355
+ "application/json": components["schemas"]["ErrConflict"];
2356
+ };
2357
+ };
2358
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2359
+ 429: {
2360
+ content: {
2361
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2362
+ };
2363
+ };
2364
+ /** @description The server has encountered a situation it does not know how to handle. */
2365
+ 500: {
2366
+ content: {
2367
+ "application/json": components["schemas"]["ErrInternalServerError"];
2368
+ };
2369
+ };
2370
+ };
2371
+ };
2372
+ limit: {
2373
+ requestBody: {
2374
+ content: {
2375
+ "application/json": {
2376
+ /**
2377
+ * @description Namespaces group different limits together for better analytics. You might have a namespace for your public API and one for internal tRPC routes.
2378
+ * @default default
2379
+ * @example email.outbound
2380
+ */
2381
+ namespace?: string;
2382
+ /**
2383
+ * @description Identifier of your user, this can be their userId, an email, an ip or anything else.
2384
+ * @example user_123
2385
+ */
2386
+ identifier: string;
2387
+ /**
2388
+ * @description How many requests may pass in a given window.
2389
+ * @example 10
2390
+ */
2391
+ limit: number;
2392
+ /**
2393
+ * @description The window duration in milliseconds
2394
+ * @example 60000
2395
+ */
2396
+ duration: number;
2397
+ /**
2398
+ * @description Expensive requests may use up more tokens. You can specify a cost to the request here and we'll deduct this many tokens in the current window.
2399
+ * If there are not enough tokens left, the request is denied.
2400
+ *
2401
+ * Set it to 0 to receive the current limit without changing anything.
2402
+ * @default 1
2403
+ * @example 2
2404
+ */
2405
+ cost?: number;
2406
+ /**
2407
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2408
+ * @default false
2409
+ */
2410
+ async?: boolean;
2411
+ /** @description Attach any metadata to this request */
2412
+ meta?: {
2413
+ [key: string]: unknown;
2414
+ };
2415
+ /**
2416
+ * @description Resources that are about to be accessed by the user
2417
+ * @example [
2418
+ * {
2419
+ * "type": "project",
2420
+ * "id": "p_123",
2421
+ * "name": "dub"
2422
+ * }
2423
+ * ]
2424
+ */
2425
+ resources?: {
2426
+ /**
2427
+ * @description The type of resource
2428
+ * @example organization
2429
+ */
2430
+ type: string;
2431
+ /**
2432
+ * @description The unique identifier for the resource
2433
+ * @example org_123
2434
+ */
2435
+ id: string;
2436
+ /**
2437
+ * @description A human readable name for this resource
2438
+ * @example unkey
2439
+ */
2440
+ name?: string;
2441
+ /** @description Attach any metadata to this resources */
2442
+ meta?: {
2443
+ [key: string]: unknown;
2444
+ };
2445
+ }[];
2446
+ };
2447
+ };
2448
+ };
2449
+ responses: {
2450
+ 200: {
2451
+ content: {
2452
+ "application/json": {
2453
+ /**
2454
+ * @description Returns true if the request should be processed, false if it was rejected.
2455
+ * @example true
2456
+ */
2457
+ success: boolean;
2458
+ /**
2459
+ * @description How many requests are allowed within a window.
2460
+ * @example 10
2461
+ */
2462
+ limit: number;
2463
+ /**
2464
+ * @description How many requests can still be made in the current window.
2465
+ * @example 9
2466
+ */
2467
+ remaining: number;
2468
+ /**
2469
+ * @description A unix millisecond timestamp when the limits reset.
2470
+ * @example 1709804263654
2471
+ */
2472
+ reset: number;
2473
+ };
2474
+ };
2475
+ };
2476
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2477
+ 400: {
2478
+ content: {
2479
+ "application/json": components["schemas"]["ErrBadRequest"];
2480
+ };
2481
+ };
2482
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2483
+ 401: {
2484
+ content: {
2485
+ "application/json": components["schemas"]["ErrUnauthorized"];
2486
+ };
2487
+ };
2488
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2489
+ 403: {
2490
+ content: {
2491
+ "application/json": components["schemas"]["ErrForbidden"];
2492
+ };
2493
+ };
2494
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2495
+ 404: {
2496
+ content: {
2497
+ "application/json": components["schemas"]["ErrNotFound"];
2498
+ };
2499
+ };
2500
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2501
+ 409: {
2502
+ content: {
2503
+ "application/json": components["schemas"]["ErrConflict"];
2504
+ };
2505
+ };
2506
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2507
+ 429: {
2508
+ content: {
2509
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2510
+ };
2511
+ };
2512
+ /** @description The server has encountered a situation it does not know how to handle. */
2513
+ 500: {
2514
+ content: {
2515
+ "application/json": components["schemas"]["ErrInternalServerError"];
2516
+ };
2517
+ };
2518
+ };
2519
+ };
2520
+ "v1.migrations.createKeys": {
2521
+ requestBody: {
2522
+ content: {
2523
+ "application/json": ({
2524
+ /**
2525
+ * @description Choose an `API` where this key should be created.
2526
+ * @example api_123
2527
+ */
2528
+ apiId: string;
2529
+ /**
2530
+ * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2531
+ *
2532
+ * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2533
+ *
2534
+ * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2535
+ */
2536
+ prefix?: string;
2537
+ /**
2538
+ * @description The name for your Key. This is not customer facing.
2539
+ * @example my key
2540
+ */
2541
+ name?: string;
2542
+ /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2543
+ plaintext?: string;
2544
+ /** @description Provide either `hash` or `plaintext` */
2545
+ hash?: {
2546
+ /** @description The hashed and encoded key */
2547
+ value: string;
2548
+ /**
2549
+ * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2550
+ * @enum {string}
2551
+ */
2552
+ variant: "sha256_base64";
2553
+ };
2554
+ /**
2555
+ * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2556
+ * @example unkey_32kq
2557
+ */
2558
+ start?: string;
2559
+ /**
2560
+ * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2561
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2562
+ * @example team_123
2563
+ */
2564
+ ownerId?: string;
2565
+ /**
2566
+ * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2567
+ * @example {
2568
+ * "billingTier": "PRO",
2569
+ * "trialEnds": "2023-06-16T17:16:37.161Z"
2570
+ * }
2571
+ */
2572
+ meta?: {
2573
+ [key: string]: unknown;
2574
+ };
2575
+ /**
2576
+ * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2577
+ * @example [
2578
+ * "admin",
2579
+ * "finance"
2580
+ * ]
2581
+ */
2582
+ roles?: string[];
2583
+ /**
2584
+ * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2585
+ * @example [
2586
+ * "domains.create_record",
2587
+ * "say_hello"
2588
+ * ]
2589
+ */
2590
+ permissions?: string[];
2591
+ /**
2592
+ * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2593
+ * @example 1623869797161
2594
+ */
2595
+ expires?: number;
2596
+ /**
2597
+ * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
2598
+ * @example 1000
2599
+ */
2600
+ remaining?: number;
2601
+ /**
2602
+ * @description Unkey enables you to refill verifications for each key at regular intervals.
2603
+ * @example {
2604
+ * "interval": "daily",
2605
+ * "amount": 100
2606
+ * }
2607
+ */
2608
+ refill?: {
2609
+ /**
2610
+ * @description Unkey will automatically refill verifications at the set interval.
2611
+ * @enum {string}
2612
+ */
2613
+ interval: "daily" | "monthly";
2614
+ /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2615
+ amount: number;
2616
+ };
2617
+ /**
2618
+ * @description Unkey comes with per-key ratelimiting out of the box.
2619
+ * @example {
2620
+ * "type": "fast",
2621
+ * "limit": 10,
2622
+ * "refillRate": 1,
2623
+ * "refillInterval": 60
2624
+ * }
2625
+ */
2626
+ ratelimit?: {
2627
+ /**
2628
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2629
+ * @default false
2630
+ */
2631
+ async?: boolean;
2632
+ /**
2633
+ * @deprecated
2634
+ * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2635
+ * @default fast
2636
+ * @enum {string}
2637
+ */
2638
+ type?: "fast" | "consistent";
2639
+ /** @description The total amount of burstable requests. */
2640
+ limit: number;
2641
+ /**
2642
+ * @deprecated
2643
+ * @description How many tokens to refill during each refillInterval.
2644
+ */
2645
+ refillRate: number;
2646
+ /**
2647
+ * @deprecated
2648
+ * @description Determines the speed at which tokens are refilled, in milliseconds.
2649
+ */
2650
+ refillInterval: number;
2651
+ };
2652
+ /**
2653
+ * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2654
+ * @default true
2655
+ * @example false
2656
+ */
2657
+ enabled?: boolean;
2658
+ /**
2659
+ * @description Environments allow you to divide your keyspace.
2660
+ *
2661
+ * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2662
+ * give the developer a way to develop their own application without the risk of modifying real world
2663
+ * resources.
2664
+ *
2665
+ * When you set an environment, we will return it back to you when validating the key, so you can
2666
+ * handle it correctly.
2667
+ */
2668
+ environment?: string;
2669
+ })[];
2670
+ };
2671
+ };
2672
+ responses: {
2673
+ /** @description The key ids of all created keys */
2674
+ 200: {
2675
+ content: {
2676
+ "application/json": {
2677
+ /**
2678
+ * @description The ids of the keys. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.
2679
+ * @example [
2680
+ * "key_123",
2681
+ * "key_456"
2682
+ * ]
2683
+ */
2684
+ keyIds: string[];
2685
+ };
2686
+ };
2687
+ };
2688
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2689
+ 400: {
2690
+ content: {
2691
+ "application/json": components["schemas"]["ErrBadRequest"];
2692
+ };
2693
+ };
2694
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2695
+ 401: {
2696
+ content: {
2697
+ "application/json": components["schemas"]["ErrUnauthorized"];
2698
+ };
2699
+ };
2700
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2701
+ 403: {
2702
+ content: {
2703
+ "application/json": components["schemas"]["ErrForbidden"];
2704
+ };
2705
+ };
2706
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2707
+ 404: {
2708
+ content: {
2709
+ "application/json": components["schemas"]["ErrNotFound"];
2710
+ };
2711
+ };
2712
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2713
+ 409: {
2714
+ content: {
2715
+ "application/json": components["schemas"]["ErrConflict"];
2716
+ };
2717
+ };
2718
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2719
+ 429: {
2720
+ content: {
2721
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2722
+ };
2723
+ };
2724
+ /** @description The server has encountered a situation it does not know how to handle. */
2725
+ 500: {
2726
+ content: {
2727
+ "application/json": components["schemas"]["ErrInternalServerError"];
2728
+ };
2729
+ };
2730
+ };
2731
+ };
2732
+ "v1.migrations.enqueueKeys": {
2733
+ requestBody: {
2734
+ content: {
2735
+ "application/json": {
2736
+ /** @description Contact support@unkey.dev to receive your migration id. */
2737
+ migrationId: string;
2738
+ /** @description The id of the api, you want to migrate keys to */
2739
+ apiId: string;
2740
+ keys: ({
2741
+ /**
2742
+ * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2743
+ *
2744
+ * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2745
+ *
2746
+ * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2747
+ */
2748
+ prefix?: string;
2749
+ /**
2750
+ * @description The name for your Key. This is not customer facing.
2751
+ * @example my key
2752
+ */
2753
+ name?: string;
2754
+ /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2755
+ plaintext?: string;
2756
+ /** @description Provide either `hash` or `plaintext` */
2757
+ hash?: {
2758
+ /** @description The hashed and encoded key */
2759
+ value: string;
2760
+ /**
2761
+ * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2762
+ * @enum {string}
2763
+ */
2764
+ variant: "sha256_base64";
2765
+ };
2766
+ /**
2767
+ * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2768
+ * @example unkey_32kq
2769
+ */
2770
+ start?: string;
2771
+ /**
2772
+ * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2773
+ * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2774
+ * @example team_123
2775
+ */
2776
+ ownerId?: string;
2777
+ /**
2778
+ * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2779
+ * @example {
2780
+ * "billingTier": "PRO",
2781
+ * "trialEnds": "2023-06-16T17:16:37.161Z"
2782
+ * }
2783
+ */
2784
+ meta?: {
2785
+ [key: string]: unknown;
2786
+ };
2787
+ /**
2788
+ * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2789
+ * @example [
2790
+ * "admin",
2791
+ * "finance"
2792
+ * ]
2793
+ */
2794
+ roles?: string[];
2795
+ /**
2796
+ * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2797
+ * @example [
2798
+ * "domains.create_record",
2799
+ * "say_hello"
2800
+ * ]
2801
+ */
2802
+ permissions?: string[];
2803
+ /**
2804
+ * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2805
+ * @example 1623869797161
2806
+ */
2807
+ expires?: number;
2808
+ /**
2809
+ * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
2810
+ * @example 1000
2811
+ */
2812
+ remaining?: number;
2813
+ /**
2814
+ * @description Unkey enables you to refill verifications for each key at regular intervals.
2815
+ * @example {
2816
+ * "interval": "daily",
2817
+ * "amount": 100
2818
+ * }
2819
+ */
2820
+ refill?: {
2821
+ /**
2822
+ * @description Unkey will automatically refill verifications at the set interval.
2823
+ * @enum {string}
2824
+ */
2825
+ interval: "daily" | "monthly";
2826
+ /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2827
+ amount: number;
2828
+ };
2829
+ /**
2830
+ * @description Unkey comes with per-key fixed-window ratelimiting out of the box.
2831
+ * @example {
2832
+ * "type": "fast",
2833
+ * "limit": 10,
2834
+ * "duration": 60000
2835
+ * }
2836
+ */
2837
+ ratelimit?: {
2838
+ /**
2839
+ * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2840
+ * @default true
2841
+ */
2842
+ async?: boolean;
2843
+ /**
2844
+ * @deprecated
2845
+ * @description Deprecated, use `async`. Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2846
+ * @default fast
2847
+ * @enum {string}
2848
+ */
2849
+ type?: "fast" | "consistent";
2850
+ /** @description The total amount of requests in a given interval. */
2851
+ limit: number;
2852
+ /**
2853
+ * @description The window duration in milliseconds
2854
+ * @example 60000
2855
+ */
2856
+ duration: number;
2857
+ /**
2858
+ * @deprecated
2859
+ * @description How many tokens to refill during each refillInterval.
2860
+ */
2861
+ refillRate?: number;
2862
+ /**
2863
+ * @deprecated
2864
+ * @description The refill timeframe, in milliseconds.
2865
+ */
2866
+ refillInterval?: number;
2867
+ };
2868
+ /**
2869
+ * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2870
+ * @default true
2871
+ * @example false
2872
+ */
2873
+ enabled?: boolean;
2874
+ /**
2875
+ * @description Environments allow you to divide your keyspace.
2876
+ *
2877
+ * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2878
+ * give the developer a way to develop their own application without the risk of modifying real world
2879
+ * resources.
2880
+ *
2881
+ * When you set an environment, we will return it back to you when validating the key, so you can
2882
+ * handle it correctly.
2883
+ */
2884
+ environment?: string;
2885
+ })[];
2886
+ };
2887
+ };
2888
+ };
2889
+ responses: {
2890
+ /** @description The key ids of all created keys */
2891
+ 202: {
2892
+ content: {
2893
+ "application/json": Record<string, never>;
2894
+ };
2895
+ };
2896
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2897
+ 400: {
2898
+ content: {
2899
+ "application/json": components["schemas"]["ErrBadRequest"];
2900
+ };
2901
+ };
2902
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2903
+ 401: {
2904
+ content: {
2905
+ "application/json": components["schemas"]["ErrUnauthorized"];
2906
+ };
2907
+ };
2908
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2909
+ 403: {
2910
+ content: {
2911
+ "application/json": components["schemas"]["ErrForbidden"];
2912
+ };
2913
+ };
2914
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2915
+ 404: {
2916
+ content: {
2917
+ "application/json": components["schemas"]["ErrNotFound"];
2918
+ };
2919
+ };
2920
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2921
+ 409: {
2922
+ content: {
2923
+ "application/json": components["schemas"]["ErrConflict"];
2924
+ };
2925
+ };
2926
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
2927
+ 429: {
2928
+ content: {
2929
+ "application/json": components["schemas"]["ErrTooManyRequests"];
2930
+ };
2931
+ };
2932
+ /** @description The server has encountered a situation it does not know how to handle. */
2933
+ 500: {
2934
+ content: {
2935
+ "application/json": components["schemas"]["ErrInternalServerError"];
2936
+ };
2937
+ };
2938
+ };
2939
+ };
2940
+ createPermission: {
2941
+ requestBody: {
2942
+ content: {
2943
+ "application/json": {
2944
+ /**
2945
+ * @description The unique name of your permission.
2946
+ * @example record.write
2947
+ */
2948
+ name: string;
2949
+ /**
2950
+ * @description Explain what this permission does. This is just for your team, your users will not see this.
2951
+ * @example record.write can create new dns records for our domains.
2952
+ */
2953
+ description?: string;
2954
+ };
2955
+ };
2956
+ };
2957
+ responses: {
2958
+ /** @description Sucessfully created a permission */
2959
+ 200: {
2960
+ content: {
2961
+ "application/json": {
1846
2962
  /**
1847
- * @description This is a place for dynamic meta data, anything that feels useful for you should go here
1848
- * @example {
1849
- * "billingTier": "PRO",
1850
- * "trialEnds": "2023-06-16T17:16:37.161Z"
1851
- * }
2963
+ * @description The id of the permission. This is used internally
2964
+ * @example perm_123
1852
2965
  */
1853
- meta?: {
1854
- [key: string]: unknown;
1855
- };
2966
+ permissionId: string;
2967
+ };
2968
+ };
2969
+ };
2970
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
2971
+ 400: {
2972
+ content: {
2973
+ "application/json": components["schemas"]["ErrBadRequest"];
2974
+ };
2975
+ };
2976
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
2977
+ 401: {
2978
+ content: {
2979
+ "application/json": components["schemas"]["ErrUnauthorized"];
2980
+ };
2981
+ };
2982
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
2983
+ 403: {
2984
+ content: {
2985
+ "application/json": components["schemas"]["ErrForbidden"];
2986
+ };
2987
+ };
2988
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
2989
+ 404: {
2990
+ content: {
2991
+ "application/json": components["schemas"]["ErrNotFound"];
2992
+ };
2993
+ };
2994
+ /** @description This response is sent when a request conflicts with the current state of the server. */
2995
+ 409: {
2996
+ content: {
2997
+ "application/json": components["schemas"]["ErrConflict"];
2998
+ };
2999
+ };
3000
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3001
+ 429: {
3002
+ content: {
3003
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3004
+ };
3005
+ };
3006
+ /** @description The server has encountered a situation it does not know how to handle. */
3007
+ 500: {
3008
+ content: {
3009
+ "application/json": components["schemas"]["ErrInternalServerError"];
3010
+ };
3011
+ };
3012
+ };
3013
+ };
3014
+ deletePermission: {
3015
+ requestBody: {
3016
+ content: {
3017
+ "application/json": {
3018
+ /**
3019
+ * @description The id of the permission you want to delete.
3020
+ * @example perm_123
3021
+ */
3022
+ permissionId: string;
3023
+ };
3024
+ };
3025
+ };
3026
+ responses: {
3027
+ /** @description Sucessfully deleted a permission */
3028
+ 200: {
3029
+ content: {
3030
+ "application/json": Record<string, never>;
3031
+ };
3032
+ };
3033
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3034
+ 400: {
3035
+ content: {
3036
+ "application/json": components["schemas"]["ErrBadRequest"];
3037
+ };
3038
+ };
3039
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3040
+ 401: {
3041
+ content: {
3042
+ "application/json": components["schemas"]["ErrUnauthorized"];
3043
+ };
3044
+ };
3045
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3046
+ 403: {
3047
+ content: {
3048
+ "application/json": components["schemas"]["ErrForbidden"];
3049
+ };
3050
+ };
3051
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3052
+ 404: {
3053
+ content: {
3054
+ "application/json": components["schemas"]["ErrNotFound"];
3055
+ };
3056
+ };
3057
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3058
+ 409: {
3059
+ content: {
3060
+ "application/json": components["schemas"]["ErrConflict"];
3061
+ };
3062
+ };
3063
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3064
+ 429: {
3065
+ content: {
3066
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3067
+ };
3068
+ };
3069
+ /** @description The server has encountered a situation it does not know how to handle. */
3070
+ 500: {
3071
+ content: {
3072
+ "application/json": components["schemas"]["ErrInternalServerError"];
3073
+ };
3074
+ };
3075
+ };
3076
+ };
3077
+ getPermission: {
3078
+ parameters: {
3079
+ query: {
3080
+ permissionId: string;
3081
+ };
3082
+ };
3083
+ responses: {
3084
+ /** @description The Role */
3085
+ 200: {
3086
+ content: {
3087
+ "application/json": {
1856
3088
  /**
1857
- * @description A list of roles that this key should have. If the role does not exist, an error is thrown
1858
- * @example [
1859
- * "admin",
1860
- * "finance"
1861
- * ]
3089
+ * @description The id of the permission
3090
+ * @example perm_123
1862
3091
  */
1863
- roles?: string[];
3092
+ id: string;
3093
+ /**
3094
+ * @description The name of the permission.
3095
+ * @example domain.record.manager
3096
+ */
3097
+ name: string;
3098
+ /**
3099
+ * @description The description of what this permission does. This is just for your team, your users will not see this.
3100
+ * @example Can manage dns records
3101
+ */
3102
+ description?: string;
3103
+ };
3104
+ };
3105
+ };
3106
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3107
+ 400: {
3108
+ content: {
3109
+ "application/json": components["schemas"]["ErrBadRequest"];
3110
+ };
3111
+ };
3112
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3113
+ 401: {
3114
+ content: {
3115
+ "application/json": components["schemas"]["ErrUnauthorized"];
3116
+ };
3117
+ };
3118
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3119
+ 403: {
3120
+ content: {
3121
+ "application/json": components["schemas"]["ErrForbidden"];
3122
+ };
3123
+ };
3124
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3125
+ 404: {
3126
+ content: {
3127
+ "application/json": components["schemas"]["ErrNotFound"];
3128
+ };
3129
+ };
3130
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3131
+ 409: {
3132
+ content: {
3133
+ "application/json": components["schemas"]["ErrConflict"];
3134
+ };
3135
+ };
3136
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3137
+ 429: {
3138
+ content: {
3139
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3140
+ };
3141
+ };
3142
+ /** @description The server has encountered a situation it does not know how to handle. */
3143
+ 500: {
3144
+ content: {
3145
+ "application/json": components["schemas"]["ErrInternalServerError"];
3146
+ };
3147
+ };
3148
+ };
3149
+ };
3150
+ listPermissions: {
3151
+ responses: {
3152
+ /** @description The permissions in your workspace */
3153
+ 200: {
3154
+ content: {
3155
+ "application/json": {
3156
+ /**
3157
+ * @description The id of the permission
3158
+ * @example perm_123
3159
+ */
3160
+ id: string;
3161
+ /**
3162
+ * @description The name of the permission.
3163
+ * @example domain.record.manager
3164
+ */
3165
+ name: string;
3166
+ /**
3167
+ * @description The description of what this permission does. This is just for your team, your users will not see this.
3168
+ * @example Can manage dns records
3169
+ */
3170
+ description?: string;
3171
+ }[];
3172
+ };
3173
+ };
3174
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3175
+ 400: {
3176
+ content: {
3177
+ "application/json": components["schemas"]["ErrBadRequest"];
3178
+ };
3179
+ };
3180
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3181
+ 401: {
3182
+ content: {
3183
+ "application/json": components["schemas"]["ErrUnauthorized"];
3184
+ };
3185
+ };
3186
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3187
+ 403: {
3188
+ content: {
3189
+ "application/json": components["schemas"]["ErrForbidden"];
3190
+ };
3191
+ };
3192
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3193
+ 404: {
3194
+ content: {
3195
+ "application/json": components["schemas"]["ErrNotFound"];
3196
+ };
3197
+ };
3198
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3199
+ 409: {
3200
+ content: {
3201
+ "application/json": components["schemas"]["ErrConflict"];
3202
+ };
3203
+ };
3204
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3205
+ 429: {
3206
+ content: {
3207
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3208
+ };
3209
+ };
3210
+ /** @description The server has encountered a situation it does not know how to handle. */
3211
+ 500: {
3212
+ content: {
3213
+ "application/json": components["schemas"]["ErrInternalServerError"];
3214
+ };
3215
+ };
3216
+ };
3217
+ };
3218
+ createRole: {
3219
+ requestBody: {
3220
+ content: {
3221
+ "application/json": {
3222
+ /**
3223
+ * @description The unique name of your role.
3224
+ * @example dns.records.manager
3225
+ */
3226
+ name: string;
3227
+ /**
3228
+ * @description Explain what this role does. This is just for your team, your users will not see this.
3229
+ * @example dns.records.manager can read and write dns records for our domains.
3230
+ */
3231
+ description?: string;
3232
+ };
3233
+ };
3234
+ };
3235
+ responses: {
3236
+ /** @description Sucessfully created a role */
3237
+ 200: {
3238
+ content: {
3239
+ "application/json": {
1864
3240
  /**
1865
- * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
1866
- * @example [
1867
- * "domains.create_record",
1868
- * "say_hello"
1869
- * ]
3241
+ * @description The id of the role. This is used internally
3242
+ * @example role_123
1870
3243
  */
1871
- permissions?: string[];
3244
+ roleId: string;
3245
+ };
3246
+ };
3247
+ };
3248
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3249
+ 400: {
3250
+ content: {
3251
+ "application/json": components["schemas"]["ErrBadRequest"];
3252
+ };
3253
+ };
3254
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3255
+ 401: {
3256
+ content: {
3257
+ "application/json": components["schemas"]["ErrUnauthorized"];
3258
+ };
3259
+ };
3260
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3261
+ 403: {
3262
+ content: {
3263
+ "application/json": components["schemas"]["ErrForbidden"];
3264
+ };
3265
+ };
3266
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3267
+ 404: {
3268
+ content: {
3269
+ "application/json": components["schemas"]["ErrNotFound"];
3270
+ };
3271
+ };
3272
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3273
+ 409: {
3274
+ content: {
3275
+ "application/json": components["schemas"]["ErrConflict"];
3276
+ };
3277
+ };
3278
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3279
+ 429: {
3280
+ content: {
3281
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3282
+ };
3283
+ };
3284
+ /** @description The server has encountered a situation it does not know how to handle. */
3285
+ 500: {
3286
+ content: {
3287
+ "application/json": components["schemas"]["ErrInternalServerError"];
3288
+ };
3289
+ };
3290
+ };
3291
+ };
3292
+ deleteRole: {
3293
+ requestBody: {
3294
+ content: {
3295
+ "application/json": {
3296
+ /**
3297
+ * @description The id of the role you want to delete.
3298
+ * @example role_123
3299
+ */
3300
+ roleId: string;
3301
+ };
3302
+ };
3303
+ };
3304
+ responses: {
3305
+ /** @description Sucessfully deleted a role */
3306
+ 200: {
3307
+ content: {
3308
+ "application/json": Record<string, never>;
3309
+ };
3310
+ };
3311
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3312
+ 400: {
3313
+ content: {
3314
+ "application/json": components["schemas"]["ErrBadRequest"];
3315
+ };
3316
+ };
3317
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3318
+ 401: {
3319
+ content: {
3320
+ "application/json": components["schemas"]["ErrUnauthorized"];
3321
+ };
3322
+ };
3323
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3324
+ 403: {
3325
+ content: {
3326
+ "application/json": components["schemas"]["ErrForbidden"];
3327
+ };
3328
+ };
3329
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3330
+ 404: {
3331
+ content: {
3332
+ "application/json": components["schemas"]["ErrNotFound"];
3333
+ };
3334
+ };
3335
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3336
+ 409: {
3337
+ content: {
3338
+ "application/json": components["schemas"]["ErrConflict"];
3339
+ };
3340
+ };
3341
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3342
+ 429: {
3343
+ content: {
3344
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3345
+ };
3346
+ };
3347
+ /** @description The server has encountered a situation it does not know how to handle. */
3348
+ 500: {
3349
+ content: {
3350
+ "application/json": components["schemas"]["ErrInternalServerError"];
3351
+ };
3352
+ };
3353
+ };
3354
+ };
3355
+ getRole: {
3356
+ parameters: {
3357
+ query: {
3358
+ roleId: string;
3359
+ };
3360
+ };
3361
+ responses: {
3362
+ /** @description The Role */
3363
+ 200: {
3364
+ content: {
3365
+ "application/json": {
1872
3366
  /**
1873
- * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
1874
- * @example 1623869797161
3367
+ * @description The id of the role
3368
+ * @example role_1234
1875
3369
  */
1876
- expires?: number;
3370
+ id: string;
1877
3371
  /**
1878
- * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
1879
- * @example 1000
3372
+ * @description The name of the role.
3373
+ * @example domain.record.manager
1880
3374
  */
1881
- remaining?: number;
3375
+ name: string;
1882
3376
  /**
1883
- * @description Unkey enables you to refill verifications for each key at regular intervals.
1884
- * @example {
1885
- * "interval": "daily",
1886
- * "amount": 100
1887
- * }
3377
+ * @description The description of what this role does. This is just for your team, your users will not see this.
3378
+ * @example Can manage dns records
1888
3379
  */
1889
- refill?: {
3380
+ description?: string;
3381
+ };
3382
+ };
3383
+ };
3384
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3385
+ 400: {
3386
+ content: {
3387
+ "application/json": components["schemas"]["ErrBadRequest"];
3388
+ };
3389
+ };
3390
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3391
+ 401: {
3392
+ content: {
3393
+ "application/json": components["schemas"]["ErrUnauthorized"];
3394
+ };
3395
+ };
3396
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3397
+ 403: {
3398
+ content: {
3399
+ "application/json": components["schemas"]["ErrForbidden"];
3400
+ };
3401
+ };
3402
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3403
+ 404: {
3404
+ content: {
3405
+ "application/json": components["schemas"]["ErrNotFound"];
3406
+ };
3407
+ };
3408
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3409
+ 409: {
3410
+ content: {
3411
+ "application/json": components["schemas"]["ErrConflict"];
3412
+ };
3413
+ };
3414
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3415
+ 429: {
3416
+ content: {
3417
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3418
+ };
3419
+ };
3420
+ /** @description The server has encountered a situation it does not know how to handle. */
3421
+ 500: {
3422
+ content: {
3423
+ "application/json": components["schemas"]["ErrInternalServerError"];
3424
+ };
3425
+ };
3426
+ };
3427
+ };
3428
+ listRoles: {
3429
+ responses: {
3430
+ /** @description The Roles in your workspace */
3431
+ 200: {
3432
+ content: {
3433
+ "application/json": {
1890
3434
  /**
1891
- * @description Unkey will automatically refill verifications at the set interval.
1892
- * @enum {string}
3435
+ * @description The id of the role
3436
+ * @example role_1234
1893
3437
  */
1894
- interval: "daily" | "monthly";
1895
- /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
1896
- amount: number;
1897
- };
1898
- /**
1899
- * @description Unkey comes with per-key ratelimiting out of the box.
1900
- * @example {
1901
- * "type": "fast",
1902
- * "limit": 10,
1903
- * "refillRate": 1,
1904
- * "refillInterval": 60
1905
- * }
1906
- */
1907
- ratelimit?: {
3438
+ id: string;
1908
3439
  /**
1909
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
1910
- * @default false
3440
+ * @description The name of the role.
3441
+ * @example domain.record.manager
1911
3442
  */
1912
- async?: boolean;
3443
+ name: string;
1913
3444
  /**
1914
- * @deprecated
1915
- * @description Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
1916
- * @default fast
1917
- * @enum {string}
3445
+ * @description The description of what this role does. This is just for your team, your users will not see this.
3446
+ * @example Can manage dns records
1918
3447
  */
1919
- type?: "fast" | "consistent";
1920
- /** @description The total amount of burstable requests. */
1921
- limit: number;
3448
+ description?: string;
3449
+ }[];
3450
+ };
3451
+ };
3452
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3453
+ 400: {
3454
+ content: {
3455
+ "application/json": components["schemas"]["ErrBadRequest"];
3456
+ };
3457
+ };
3458
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3459
+ 401: {
3460
+ content: {
3461
+ "application/json": components["schemas"]["ErrUnauthorized"];
3462
+ };
3463
+ };
3464
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3465
+ 403: {
3466
+ content: {
3467
+ "application/json": components["schemas"]["ErrForbidden"];
3468
+ };
3469
+ };
3470
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3471
+ 404: {
3472
+ content: {
3473
+ "application/json": components["schemas"]["ErrNotFound"];
3474
+ };
3475
+ };
3476
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3477
+ 409: {
3478
+ content: {
3479
+ "application/json": components["schemas"]["ErrConflict"];
3480
+ };
3481
+ };
3482
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3483
+ 429: {
3484
+ content: {
3485
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3486
+ };
3487
+ };
3488
+ /** @description The server has encountered a situation it does not know how to handle. */
3489
+ 500: {
3490
+ content: {
3491
+ "application/json": components["schemas"]["ErrInternalServerError"];
3492
+ };
3493
+ };
3494
+ };
3495
+ };
3496
+ createIdentity: {
3497
+ requestBody: {
3498
+ content: {
3499
+ "application/json": {
3500
+ /**
3501
+ * @description The id of this identity in your system.
3502
+ *
3503
+ * This usually comes from your authentication provider and could be a userId, organisationId or even an email.
3504
+ * It does not matter what you use, as long as it uniquely identifies something in your application.
3505
+ *
3506
+ * @example user_123
3507
+ */
3508
+ externalId: string;
3509
+ /**
3510
+ * @description Attach metadata to this identity that you need to have access to when verifying a key.
3511
+ *
3512
+ * This will be returned as part of the `verifyKey` response.
3513
+ */
3514
+ meta?: {
3515
+ [key: string]: unknown;
3516
+ };
3517
+ /**
3518
+ * @description Attach ratelimits to this identity.
3519
+ *
3520
+ * When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits.
3521
+ */
3522
+ ratelimits?: {
1922
3523
  /**
1923
- * @deprecated
1924
- * @description How many tokens to refill during each refillInterval.
3524
+ * @description The name of this limit. You will need to use this again when verifying a key.
3525
+ * @example tokens
1925
3526
  */
1926
- refillRate: number;
3527
+ name: string;
1927
3528
  /**
1928
- * @deprecated
1929
- * @description Determines the speed at which tokens are refilled, in milliseconds.
3529
+ * @description How many requests may pass within a given window before requests are rejected.
3530
+ * @example 10
1930
3531
  */
1931
- refillInterval: number;
1932
- };
1933
- /**
1934
- * @description Sets if key is enabled or disabled. Disabled keys are not valid.
1935
- * @default true
1936
- * @example false
1937
- */
1938
- enabled?: boolean;
3532
+ limit: number;
3533
+ /**
3534
+ * @description The duration for each ratelimit window in milliseconds.
3535
+ * @example 1000
3536
+ */
3537
+ duration: number;
3538
+ }[];
3539
+ };
3540
+ };
3541
+ };
3542
+ responses: {
3543
+ /** @description The configuration for an api */
3544
+ 200: {
3545
+ content: {
3546
+ "application/json": {
1939
3547
  /**
1940
- * @description Environments allow you to divide your keyspace.
1941
- *
1942
- * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
1943
- * give the developer a way to develop their own application without the risk of modifying real world
1944
- * resources.
1945
- *
1946
- * When you set an environment, we will return it back to you when validating the key, so you can
1947
- * handle it correctly.
3548
+ * @description The id of the identity. Used internally, you do not need to store this.
3549
+ * @example id_123
1948
3550
  */
1949
- environment?: string;
1950
- })[];
3551
+ identityId: string;
3552
+ };
3553
+ };
3554
+ };
3555
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3556
+ 400: {
3557
+ content: {
3558
+ "application/json": components["schemas"]["ErrBadRequest"];
3559
+ };
3560
+ };
3561
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3562
+ 401: {
3563
+ content: {
3564
+ "application/json": components["schemas"]["ErrUnauthorized"];
3565
+ };
3566
+ };
3567
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3568
+ 403: {
3569
+ content: {
3570
+ "application/json": components["schemas"]["ErrForbidden"];
3571
+ };
3572
+ };
3573
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3574
+ 404: {
3575
+ content: {
3576
+ "application/json": components["schemas"]["ErrNotFound"];
3577
+ };
3578
+ };
3579
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3580
+ 409: {
3581
+ content: {
3582
+ "application/json": components["schemas"]["ErrConflict"];
3583
+ };
3584
+ };
3585
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3586
+ 429: {
3587
+ content: {
3588
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3589
+ };
3590
+ };
3591
+ /** @description The server has encountered a situation it does not know how to handle. */
3592
+ 500: {
3593
+ content: {
3594
+ "application/json": components["schemas"]["ErrInternalServerError"];
3595
+ };
3596
+ };
3597
+ };
3598
+ };
3599
+ getIdentity: {
3600
+ parameters: {
3601
+ query?: {
3602
+ identityId?: string;
3603
+ externalId?: string;
3604
+ };
3605
+ };
3606
+ responses: {
3607
+ /** @description The configuration for an api */
3608
+ 200: {
3609
+ content: {
3610
+ "application/json": {
3611
+ /** @description The id of this identity. Used to interact with unkey's API */
3612
+ id: string;
3613
+ /** @description The id in your system */
3614
+ externalId: string;
3615
+ /** @description The meta object defined for this identity. */
3616
+ meta: {
3617
+ [key: string]: unknown;
3618
+ };
3619
+ /** @description When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits. */
3620
+ ratelimits: {
3621
+ /**
3622
+ * @description The name of this limit. You will need to use this again when verifying a key.
3623
+ * @example tokens
3624
+ */
3625
+ name: string;
3626
+ /**
3627
+ * @description How many requests may pass within a given window before requests are rejected.
3628
+ * @example 10
3629
+ */
3630
+ limit: number;
3631
+ /**
3632
+ * @description The duration for each ratelimit window in milliseconds.
3633
+ * @example 1000
3634
+ */
3635
+ duration: number;
3636
+ }[];
3637
+ };
3638
+ };
3639
+ };
3640
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3641
+ 400: {
3642
+ content: {
3643
+ "application/json": components["schemas"]["ErrBadRequest"];
3644
+ };
3645
+ };
3646
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3647
+ 401: {
3648
+ content: {
3649
+ "application/json": components["schemas"]["ErrUnauthorized"];
3650
+ };
3651
+ };
3652
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3653
+ 403: {
3654
+ content: {
3655
+ "application/json": components["schemas"]["ErrForbidden"];
3656
+ };
3657
+ };
3658
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3659
+ 404: {
3660
+ content: {
3661
+ "application/json": components["schemas"]["ErrNotFound"];
3662
+ };
3663
+ };
3664
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3665
+ 409: {
3666
+ content: {
3667
+ "application/json": components["schemas"]["ErrConflict"];
3668
+ };
3669
+ };
3670
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3671
+ 429: {
3672
+ content: {
3673
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3674
+ };
3675
+ };
3676
+ /** @description The server has encountered a situation it does not know how to handle. */
3677
+ 500: {
3678
+ content: {
3679
+ "application/json": components["schemas"]["ErrInternalServerError"];
3680
+ };
3681
+ };
3682
+ };
3683
+ };
3684
+ listIdentities: {
3685
+ parameters: {
3686
+ query?: {
3687
+ environment?: string;
3688
+ limit?: number;
3689
+ cursor?: string;
1951
3690
  };
1952
3691
  };
1953
3692
  responses: {
1954
- /** @description The key ids of all created keys */
3693
+ /** @description A list of identities. */
1955
3694
  200: {
1956
3695
  content: {
1957
3696
  "application/json": {
3697
+ /** @description A list of identities. */
3698
+ identities: {
3699
+ /** @description The id of this identity. Used to interact with unkey's API */
3700
+ id: string;
3701
+ /** @description The id in your system */
3702
+ externalId: string;
3703
+ /** @description When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits. */
3704
+ ratelimits: {
3705
+ /**
3706
+ * @description The name of this limit. You will need to use this again when verifying a key.
3707
+ * @example tokens
3708
+ */
3709
+ name: string;
3710
+ /**
3711
+ * @description How many requests may pass within a given window before requests are rejected.
3712
+ * @example 10
3713
+ */
3714
+ limit: number;
3715
+ /**
3716
+ * @description The duration for each ratelimit window in milliseconds.
3717
+ * @example 1000
3718
+ */
3719
+ duration: number;
3720
+ }[];
3721
+ }[];
1958
3722
  /**
1959
- * @description The ids of the keys. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.
1960
- * @example [
1961
- * "key_123",
1962
- * "key_456"
1963
- * ]
3723
+ * @description The cursor to use for the next page of results, if no cursor is returned, there are no more results
3724
+ * @example eyJrZXkiOiJrZXlfMTIzNCJ9
1964
3725
  */
1965
- keyIds: string[];
3726
+ cursor?: string;
3727
+ /** @description The total number of identities for this environment */
3728
+ total: number;
1966
3729
  };
1967
3730
  };
1968
3731
  };
@@ -2010,166 +3773,166 @@ interface operations {
2010
3773
  };
2011
3774
  };
2012
3775
  };
2013
- "v1.migrations.enqueueKeys": {
3776
+ updateIdentity: {
2014
3777
  requestBody: {
2015
3778
  content: {
2016
3779
  "application/json": {
2017
- /** @description Contact support@unkey.dev to receive your migration id. */
2018
- migrationId: string;
2019
- /** @description The id of the api, you want to migrate keys to */
2020
- apiId: string;
2021
- keys: ({
2022
- /**
2023
- * @description To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
2024
- *
2025
- * For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
2026
- *
2027
- * The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
2028
- */
2029
- prefix?: string;
2030
- /**
2031
- * @description The name for your Key. This is not customer facing.
2032
- * @example my key
2033
- */
2034
- name?: string;
2035
- /** @description The raw key in plaintext. If provided, unkey encrypts this value and stores it securely. Provide either `hash` or `plaintext` */
2036
- plaintext?: string;
2037
- /** @description Provide either `hash` or `plaintext` */
2038
- hash?: {
2039
- /** @description The hashed and encoded key */
2040
- value: string;
2041
- /**
2042
- * @description The algorithm for hashing and encoding, currently only sha256 and base64 are supported
2043
- * @enum {string}
2044
- */
2045
- variant: "sha256_base64";
2046
- };
2047
- /**
2048
- * @description The first 4 characters of the key. If a prefix is used, it should be the prefix plus 4 characters.
2049
- * @example unkey_32kq
2050
- */
2051
- start?: string;
2052
- /**
2053
- * @description Your user’s Id. This will provide a link between Unkey and your customer record.
2054
- * When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
2055
- * @example team_123
2056
- */
2057
- ownerId?: string;
2058
- /**
2059
- * @description This is a place for dynamic meta data, anything that feels useful for you should go here
2060
- * @example {
2061
- * "billingTier": "PRO",
2062
- * "trialEnds": "2023-06-16T17:16:37.161Z"
2063
- * }
2064
- */
2065
- meta?: {
2066
- [key: string]: unknown;
2067
- };
2068
- /**
2069
- * @description A list of roles that this key should have. If the role does not exist, an error is thrown
2070
- * @example [
2071
- * "admin",
2072
- * "finance"
2073
- * ]
2074
- */
2075
- roles?: string[];
3780
+ /**
3781
+ * @description The id of the identity to update, use either `identityId` or `externalId`, if both are provided, `identityId` takes precedence.
3782
+ * @example id_1234
3783
+ */
3784
+ identityId?: string;
3785
+ /**
3786
+ * @description The externalId of the identity to update, use either `identityId` or `externalId`, if both are provided, `identityId` takes precedence.
3787
+ * @example user_1234
3788
+ */
3789
+ externalId?: string;
3790
+ /**
3791
+ * @description This is not yet used but here for future compatibility.
3792
+ * @default default
3793
+ */
3794
+ environment?: string;
3795
+ /**
3796
+ * @description Attach metadata to this identity that you need to have access to when verifying a key.
3797
+ *
3798
+ * Set to `{}` to clear.
3799
+ *
3800
+ * This will be returned as part of the `verifyKey` response.
3801
+ */
3802
+ meta?: {
3803
+ [key: string]: unknown;
3804
+ };
3805
+ /**
3806
+ * @description Attach ratelimits to this identity.
3807
+ *
3808
+ * This overwrites all existing ratelimits on this identity.
3809
+ * Setting an empty array will delete all existing ratelimits.
3810
+ *
3811
+ * When verifying keys, you can specify which limits you want to use and all keys attached to this identity, will share the limits.
3812
+ */
3813
+ ratelimits?: {
2076
3814
  /**
2077
- * @description A list of permissions that this key should have. If the permission does not exist, an error is thrown
2078
- * @example [
2079
- * "domains.create_record",
2080
- * "say_hello"
2081
- * ]
3815
+ * @description The name of this limit. You will need to use this again when verifying a key.
3816
+ * @example tokens
2082
3817
  */
2083
- permissions?: string[];
3818
+ name: string;
2084
3819
  /**
2085
- * @description You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
2086
- * @example 1623869797161
3820
+ * @description How many requests may pass within a given window before requests are rejected.
3821
+ * @example 10
2087
3822
  */
2088
- expires?: number;
3823
+ limit: number;
2089
3824
  /**
2090
- * @description You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
3825
+ * @description The duration for each ratelimit window in milliseconds.
2091
3826
  * @example 1000
2092
3827
  */
2093
- remaining?: number;
2094
- /**
2095
- * @description Unkey enables you to refill verifications for each key at regular intervals.
2096
- * @example {
2097
- * "interval": "daily",
2098
- * "amount": 100
2099
- * }
2100
- */
2101
- refill?: {
2102
- /**
2103
- * @description Unkey will automatically refill verifications at the set interval.
2104
- * @enum {string}
2105
- */
2106
- interval: "daily" | "monthly";
2107
- /** @description The number of verifications to refill for each occurrence is determined individually for each key. */
2108
- amount: number;
2109
- };
2110
- /**
2111
- * @description Unkey comes with per-key fixed-window ratelimiting out of the box.
2112
- * @example {
2113
- * "type": "fast",
2114
- * "limit": 10,
2115
- * "duration": 60000
2116
- * }
2117
- */
2118
- ratelimit?: {
3828
+ duration: number;
3829
+ }[];
3830
+ };
3831
+ };
3832
+ };
3833
+ responses: {
3834
+ /** @description The identity after the update. */
3835
+ 200: {
3836
+ content: {
3837
+ "application/json": {
3838
+ /**
3839
+ * @description The id of the identity.
3840
+ * @example id_1234
3841
+ */
3842
+ id: string;
3843
+ /**
3844
+ * @description The externalId of the identity.
3845
+ * @example user_1234
3846
+ */
3847
+ externalId: string;
3848
+ /**
3849
+ * @description The metadata attached to this identity.
3850
+ * @example {
3851
+ * "stripeSubscriptionId": "sub_1234"
3852
+ * }
3853
+ */
3854
+ meta: {
3855
+ [key: string]: unknown;
3856
+ };
3857
+ ratelimits: {
2119
3858
  /**
2120
- * @description Async will return a response immediately, lowering latency at the cost of accuracy.
2121
- * @default true
3859
+ * @description The name of this limit.
3860
+ * @example tokens
2122
3861
  */
2123
- async?: boolean;
3862
+ name: string;
2124
3863
  /**
2125
- * @deprecated
2126
- * @description Deprecated, use `async`. Fast ratelimiting doesn't add latency, while consistent ratelimiting is more accurate.
2127
- * @default fast
2128
- * @enum {string}
3864
+ * @description How many requests may pass within a given window before requests are rejected.
3865
+ * @example 10
2129
3866
  */
2130
- type?: "fast" | "consistent";
2131
- /** @description The total amount of requests in a given interval. */
2132
3867
  limit: number;
2133
3868
  /**
2134
- * @description The window duration in milliseconds
2135
- * @example 60000
3869
+ * @description The duration for each ratelimit window in milliseconds.
3870
+ * @example 1000
2136
3871
  */
2137
3872
  duration: number;
2138
- /**
2139
- * @deprecated
2140
- * @description How many tokens to refill during each refillInterval.
2141
- */
2142
- refillRate?: number;
2143
- /**
2144
- * @deprecated
2145
- * @description The refill timeframe, in milliseconds.
2146
- */
2147
- refillInterval?: number;
2148
- };
2149
- /**
2150
- * @description Sets if key is enabled or disabled. Disabled keys are not valid.
2151
- * @default true
2152
- * @example false
2153
- */
2154
- enabled?: boolean;
2155
- /**
2156
- * @description Environments allow you to divide your keyspace.
2157
- *
2158
- * Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to
2159
- * give the developer a way to develop their own application without the risk of modifying real world
2160
- * resources.
2161
- *
2162
- * When you set an environment, we will return it back to you when validating the key, so you can
2163
- * handle it correctly.
2164
- */
2165
- environment?: string;
2166
- })[];
3873
+ }[];
3874
+ };
3875
+ };
3876
+ };
3877
+ /** @description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). */
3878
+ 400: {
3879
+ content: {
3880
+ "application/json": components["schemas"]["ErrBadRequest"];
3881
+ };
3882
+ };
3883
+ /** @description Although the HTTP standard specifies "unauthorized", semantically this response means "unauthenticated". That is, the client must authenticate itself to get the requested response. */
3884
+ 401: {
3885
+ content: {
3886
+ "application/json": components["schemas"]["ErrUnauthorized"];
3887
+ };
3888
+ };
3889
+ /** @description The client does not have access rights to the content; that is, it is unauthorized, so the server is refusing to give the requested resource. Unlike 401 Unauthorized, the client's identity is known to the server. */
3890
+ 403: {
3891
+ content: {
3892
+ "application/json": components["schemas"]["ErrForbidden"];
3893
+ };
3894
+ };
3895
+ /** @description The server cannot find the requested resource. In the browser, this means the URL is not recognized. In an API, this can also mean that the endpoint is valid but the resource itself does not exist. Servers may also send this response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client. This response code is probably the most well known due to its frequent occurrence on the web. */
3896
+ 404: {
3897
+ content: {
3898
+ "application/json": components["schemas"]["ErrNotFound"];
3899
+ };
3900
+ };
3901
+ /** @description This response is sent when a request conflicts with the current state of the server. */
3902
+ 409: {
3903
+ content: {
3904
+ "application/json": components["schemas"]["ErrConflict"];
3905
+ };
3906
+ };
3907
+ /** @description The user has sent too many requests in a given amount of time ("rate limiting") */
3908
+ 429: {
3909
+ content: {
3910
+ "application/json": components["schemas"]["ErrTooManyRequests"];
3911
+ };
3912
+ };
3913
+ /** @description The server has encountered a situation it does not know how to handle. */
3914
+ 500: {
3915
+ content: {
3916
+ "application/json": components["schemas"]["ErrInternalServerError"];
3917
+ };
3918
+ };
3919
+ };
3920
+ };
3921
+ deleteIdentity: {
3922
+ requestBody: {
3923
+ content: {
3924
+ "application/json": {
3925
+ /**
3926
+ * @description The id of the identity to delete
3927
+ * @example id_1234
3928
+ */
3929
+ identityId: string;
2167
3930
  };
2168
3931
  };
2169
3932
  };
2170
3933
  responses: {
2171
- /** @description The key ids of all created keys */
2172
- 202: {
3934
+ /** @description The identity was successfully deleted, it may take up to 30s for this to take effect in all regions */
3935
+ 200: {
2173
3936
  content: {
2174
3937
  "application/json": Record<string, never>;
2175
3938
  };
@@ -2422,11 +4185,6 @@ interface operations {
2422
4185
  * @example 0
2423
4186
  */
2424
4187
  createdAt?: number;
2425
- /**
2426
- * @description The unix timestamp in milliseconds when the key was deleted. We don't delete the key outright, you can restore it later.
2427
- * @example 0
2428
- */
2429
- deletedAt?: number;
2430
4188
  /**
2431
4189
  * @description The unix timestamp in milliseconds when the key will expire. If this field is null or undefined, the key is not expiring.
2432
4190
  * @example 123
@@ -2474,7 +4232,7 @@ interface operations {
2474
4232
  * @example NOT_FOUND
2475
4233
  * @enum {string}
2476
4234
  */
2477
- code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
4235
+ code?: "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
2478
4236
  };
2479
4237
  };
2480
4238
  };
@@ -2744,10 +4502,17 @@ declare function verifyKey(req: string | {
2744
4502
  reset: number;
2745
4503
  };
2746
4504
  remaining?: number;
2747
- code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS";
4505
+ code: "VALID" | "NOT_FOUND" | "FORBIDDEN" | "USAGE_EXCEEDED" | "RATE_LIMITED" | "UNAUTHORIZED" | "DISABLED" | "INSUFFICIENT_PERMISSIONS" | "EXPIRED";
2748
4506
  enabled?: boolean;
2749
4507
  permissions?: string[];
2750
4508
  environment?: string;
4509
+ identity?: {
4510
+ id: string;
4511
+ externalId: string;
4512
+ meta: {
4513
+ [key: string]: unknown;
4514
+ };
4515
+ };
2751
4516
  };
2752
4517
  error?: never;
2753
4518
  }>;