npm - @unkey/api - Versions diffs - 2.0.3 → 2.0.4 - Mend

@unkey/api 2.0.3 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/src/mcp-server/tools/keysRerollKey.ts ADDED Viewed

@@ -0,0 +1,69 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+import { keysRerollKey } from "../../funcs/keysRerollKey.js";
+import * as components from "../../models/components/index.js";
+import { formatResult, ToolDefinition } from "../tools.js";
+const args = {
+  request: components.V2KeysRerollKeyRequestBody$inboundSchema,
+};
+export const tool$keysRerollKey: ToolDefinition<typeof args> = {
+  name: "keys-reroll-key",
+  description: `Reroll Key
+Generate a new API key while preserving the configuration from an existing key.
+This operation creates a fresh key with a new token while maintaining all settings from the original key:
+- Permissions and roles
+- Custom metadata
+- Rate limit configurations
+- Identity associations
+- Remaining credits
+- Recovery settings
+**Key Generation:**
+- The system attempts to extract the prefix from the original key
+- If prefix extraction fails, the default API prefix is used
+- Key length follows the API's default byte configuration (or 16 bytes if not specified)
+**Original Key Handling:**
+- The original key will be revoked after the duration specified in \`expiration\`
+- Set \`expiration\` to 0 to revoke immediately
+- This allows for graceful key rotation with an overlap period
+Common use cases include:
+- Rotating keys for security compliance
+- Issuing replacement keys for compromised credentials
+- Creating backup keys with identical permissions
+**Important:** Analytics and usage metrics are tracked at both the key level AND identity level. If the original key has an identity, the new key will inherit it, allowing you to track usage across both individual keys and the overall identity.
+**Required Permissions**
+ Your root key must have:
+ - \`api.*.create_key\` or \`api.<api_id>.create_key\`
+ - \`api.*.encrypt_key\` or \`api.<api_id>.encrypt_key\` (only when the original key is recoverable)
+`,
+  args,
+  tool: async (client, args, ctx) => {
+    const [result, apiCall] = await keysRerollKey(
+      client,
+      args.request,
+      { fetchOptions: { signal: ctx.signal } },
+    ).$inspect();
+    if (!result.ok) {
+      return {
+        content: [{ type: "text", text: result.error.message }],
+        isError: true,
+      };
+    }
+    const value = result.value;
+    return formatResult(value, apiCall);
+  },
+};

package/src/mcp-server/tools/permissionsListPermissions.ts CHANGED Viewed

@@ -14,7 +14,8 @@ export const tool$permissionsListPermissions: ToolDefinition<typeof args> = {
   name: "permissions-list-permissions",
   description: `List permissions
-Retrieve all permissions in your workspace. Results are paginated and sorted alphabetically by permission name.
+Retrieve all permissions in your workspace.
+Results are paginated and sorted by their id.
 **Required Permissions**

package/src/mcp-server/tools/permissionsListRoles.ts CHANGED Viewed

@@ -14,7 +14,8 @@ export const tool$permissionsListRoles: ToolDefinition<typeof args> = {
   name: "permissions-list-roles",
   description: `List roles
-Retrieve all roles in your workspace including their assigned permissions. Results are paginated and sorted alphabetically by role name.
+Retrieve all roles in your workspace including their assigned permissions.
+Results are paginated and sorted by their id.
 **Required Permissions**

package/src/models/components/index.ts CHANGED Viewed

@@ -55,6 +55,9 @@ export * from "./v2keysremovepermissionsrequestbody.js";
 export * from "./v2keysremovepermissionsresponsebody.js";
 export * from "./v2keysremoverolesrequestbody.js";
 export * from "./v2keysremoverolesresponsebody.js";
+export * from "./v2keysrerollkeyrequestbody.js";
+export * from "./v2keysrerollkeyresponsebody.js";
+export * from "./v2keysrerollkeyresponsedata.js";
 export * from "./v2keyssetpermissionsrequestbody.js";
 export * from "./v2keyssetpermissionsresponsebody.js";
 export * from "./v2keyssetrolesrequestbody.js";

package/src/models/components/v2keysaddpermissionsresponsebody.ts CHANGED Viewed

@@ -31,7 +31,6 @@ export type V2KeysAddPermissionsResponseBody = {
    *
    * This response includes:
    * - All direct permissions assigned to the key (both pre-existing and newly added)
-   * - Permissions sorted alphabetically by name for consistent response format
    * - Both the permission ID and name for each permission
    *
    * Important notes:

package/src/models/components/v2keysaddrolesresponsebody.ts CHANGED Viewed

@@ -32,7 +32,6 @@ export type V2KeysAddRolesResponseBody = {
    * The response includes:
    * - All roles now assigned to the key (both pre-existing and newly added)
    * - Both ID and name of each role for easy reference
-   * - Roles sorted alphabetically by name for consistent response format
    *
    * Important notes:
    * - The response shows the complete current state after the addition

package/src/models/components/v2keysremoverolesresponsebody.ts CHANGED Viewed

@@ -32,7 +32,6 @@ export type V2KeysRemoveRolesResponseBody = {
    * The response includes:
    * - The remaining roles still assigned to the key (after removing the specified roles)
    * - Both ID and name for each role for easy reference
-   * - Roles sorted alphabetically by name for consistent response format
    *
    * Important notes:
    * - The response reflects the current state after the removal operation

package/src/models/components/v2keysrerollkeyrequestbody.ts ADDED Viewed

@@ -0,0 +1,99 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+import * as z from "zod";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+export type V2KeysRerollKeyRequestBody = {
+  /**
+   * The database identifier of the key to reroll.
+   *
+   * @remarks
+   *
+   * This is the unique ID returned when creating or listing keys, NOT the actual API key token.
+   * You can find this ID in:
+   * - The response from `keys.createKey`
+   * - Key verification responses
+   * - The Unkey dashboard
+   * - API key listing endpoints
+   */
+  keyId: string;
+  /**
+   * Duration in milliseconds until the ORIGINAL key is revoked, starting from now.
+   *
+   * @remarks
+   *
+   * This parameter controls the overlap period for key rotation:
+   * - Set to `0` to revoke the original key immediately
+   * - Positive values keep the original key active for the specified duration
+   * - Allows graceful migration by giving users time to update their credentials
+   *
+   * Common overlap periods:
+   * - Immediate revocation: 0
+   * - 1 hour grace period: 3600000
+   * - 24 hours grace period: 86400000
+   * - 7 days grace period: 604800000
+   * - 30 days grace period: 2592000000
+   */
+  expiration: number;
+};
+/** @internal */
+export const V2KeysRerollKeyRequestBody$inboundSchema: z.ZodType<
+  V2KeysRerollKeyRequestBody,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  keyId: z.string(),
+  expiration: z.number().int(),
+});
+/** @internal */
+export type V2KeysRerollKeyRequestBody$Outbound = {
+  keyId: string;
+  expiration: number;
+};
+/** @internal */
+export const V2KeysRerollKeyRequestBody$outboundSchema: z.ZodType<
+  V2KeysRerollKeyRequestBody$Outbound,
+  z.ZodTypeDef,
+  V2KeysRerollKeyRequestBody
+> = z.object({
+  keyId: z.string(),
+  expiration: z.number().int(),
+});
+/**
+ * @internal
+ * @deprecated This namespace will be removed in future versions. Use schemas and types that are exported directly from this module.
+ */
+export namespace V2KeysRerollKeyRequestBody$ {
+  /** @deprecated use `V2KeysRerollKeyRequestBody$inboundSchema` instead. */
+  export const inboundSchema = V2KeysRerollKeyRequestBody$inboundSchema;
+  /** @deprecated use `V2KeysRerollKeyRequestBody$outboundSchema` instead. */
+  export const outboundSchema = V2KeysRerollKeyRequestBody$outboundSchema;
+  /** @deprecated use `V2KeysRerollKeyRequestBody$Outbound` instead. */
+  export type Outbound = V2KeysRerollKeyRequestBody$Outbound;
+}
+export function v2KeysRerollKeyRequestBodyToJSON(
+  v2KeysRerollKeyRequestBody: V2KeysRerollKeyRequestBody,
+): string {
+  return JSON.stringify(
+    V2KeysRerollKeyRequestBody$outboundSchema.parse(v2KeysRerollKeyRequestBody),
+  );
+}
+export function v2KeysRerollKeyRequestBodyFromJSON(
+  jsonString: string,
+): SafeParseResult<V2KeysRerollKeyRequestBody, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => V2KeysRerollKeyRequestBody$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2KeysRerollKeyRequestBody' from JSON`,
+  );
+}

package/src/models/components/v2keysrerollkeyresponsebody.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+import * as z from "zod";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+import {
+  Meta,
+  Meta$inboundSchema,
+  Meta$Outbound,
+  Meta$outboundSchema,
+} from "./meta.js";
+import {
+  V2KeysRerollKeyResponseData,
+  V2KeysRerollKeyResponseData$inboundSchema,
+  V2KeysRerollKeyResponseData$Outbound,
+  V2KeysRerollKeyResponseData$outboundSchema,
+} from "./v2keysrerollkeyresponsedata.js";
+export type V2KeysRerollKeyResponseBody = {
+  /**
+   * Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The `requestId` is particularly important when troubleshooting issues with the Unkey support team.
+   */
+  meta: Meta;
+  data: V2KeysRerollKeyResponseData;
+};
+/** @internal */
+export const V2KeysRerollKeyResponseBody$inboundSchema: z.ZodType<
+  V2KeysRerollKeyResponseBody,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  meta: Meta$inboundSchema,
+  data: V2KeysRerollKeyResponseData$inboundSchema,
+});
+/** @internal */
+export type V2KeysRerollKeyResponseBody$Outbound = {
+  meta: Meta$Outbound;
+  data: V2KeysRerollKeyResponseData$Outbound;
+};
+/** @internal */
+export const V2KeysRerollKeyResponseBody$outboundSchema: z.ZodType<
+  V2KeysRerollKeyResponseBody$Outbound,
+  z.ZodTypeDef,
+  V2KeysRerollKeyResponseBody
+> = z.object({
+  meta: Meta$outboundSchema,
+  data: V2KeysRerollKeyResponseData$outboundSchema,
+});
+/**
+ * @internal
+ * @deprecated This namespace will be removed in future versions. Use schemas and types that are exported directly from this module.
+ */
+export namespace V2KeysRerollKeyResponseBody$ {
+  /** @deprecated use `V2KeysRerollKeyResponseBody$inboundSchema` instead. */
+  export const inboundSchema = V2KeysRerollKeyResponseBody$inboundSchema;
+  /** @deprecated use `V2KeysRerollKeyResponseBody$outboundSchema` instead. */
+  export const outboundSchema = V2KeysRerollKeyResponseBody$outboundSchema;
+  /** @deprecated use `V2KeysRerollKeyResponseBody$Outbound` instead. */
+  export type Outbound = V2KeysRerollKeyResponseBody$Outbound;
+}
+export function v2KeysRerollKeyResponseBodyToJSON(
+  v2KeysRerollKeyResponseBody: V2KeysRerollKeyResponseBody,
+): string {
+  return JSON.stringify(
+    V2KeysRerollKeyResponseBody$outboundSchema.parse(
+      v2KeysRerollKeyResponseBody,
+    ),
+  );
+}
+export function v2KeysRerollKeyResponseBodyFromJSON(
+  jsonString: string,
+): SafeParseResult<V2KeysRerollKeyResponseBody, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => V2KeysRerollKeyResponseBody$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2KeysRerollKeyResponseBody' from JSON`,
+  );
+}

package/src/models/components/v2keysrerollkeyresponsedata.ts ADDED Viewed

@@ -0,0 +1,103 @@
+/*
+ * Code generated by Speakeasy (https://speakeasy.com). DO NOT EDIT.
+ */
+import * as z from "zod";
+import { safeParse } from "../../lib/schemas.js";
+import { Result as SafeParseResult } from "../../types/fp.js";
+import { SDKValidationError } from "../errors/sdkvalidationerror.js";
+export type V2KeysRerollKeyResponseData = {
+  /**
+   * The unique identifier for the newly created key.
+   *
+   * @remarks
+   *
+   * This is NOT the actual API key token, but a reference ID for management operations.
+   * Store this ID to:
+   * - Update or revoke the key later
+   * - Track the key in your database
+   * - Display in admin dashboards (safe to log)
+   *
+   * Note: This is a new ID - the original key retains its own ID.
+   */
+  keyId: string;
+  /**
+   * The newly generated API key token (the actual secret that authenticates requests).
+   *
+   * @remarks
+   *
+   * **SECURITY CRITICAL:**
+   * - This is the only time you'll receive the complete key
+   * - Unkey stores only a hashed version (unless the original key was created with `recoverable=true`)
+   * - Never log, store, or expose this value in your systems
+   * - Transmit directly to the end user via secure channels only
+   * - If lost and not recoverable, you must reroll or create a new key
+   *
+   * The key format follows: `[prefix]_[random_bytes]`
+   * - Prefix is extracted from the original key or uses API default
+   * - Random bytes follow API configuration (default: 16 bytes)
+   *
+   * This is NOT the keyId - it's the actual secret token used for authentication.
+   */
+  key: string;
+};
+/** @internal */
+export const V2KeysRerollKeyResponseData$inboundSchema: z.ZodType<
+  V2KeysRerollKeyResponseData,
+  z.ZodTypeDef,
+  unknown
+> = z.object({
+  keyId: z.string(),
+  key: z.string(),
+});
+/** @internal */
+export type V2KeysRerollKeyResponseData$Outbound = {
+  keyId: string;
+  key: string;
+};
+/** @internal */
+export const V2KeysRerollKeyResponseData$outboundSchema: z.ZodType<
+  V2KeysRerollKeyResponseData$Outbound,
+  z.ZodTypeDef,
+  V2KeysRerollKeyResponseData
+> = z.object({
+  keyId: z.string(),
+  key: z.string(),
+});
+/**
+ * @internal
+ * @deprecated This namespace will be removed in future versions. Use schemas and types that are exported directly from this module.
+ */
+export namespace V2KeysRerollKeyResponseData$ {
+  /** @deprecated use `V2KeysRerollKeyResponseData$inboundSchema` instead. */
+  export const inboundSchema = V2KeysRerollKeyResponseData$inboundSchema;
+  /** @deprecated use `V2KeysRerollKeyResponseData$outboundSchema` instead. */
+  export const outboundSchema = V2KeysRerollKeyResponseData$outboundSchema;
+  /** @deprecated use `V2KeysRerollKeyResponseData$Outbound` instead. */
+  export type Outbound = V2KeysRerollKeyResponseData$Outbound;
+}
+export function v2KeysRerollKeyResponseDataToJSON(
+  v2KeysRerollKeyResponseData: V2KeysRerollKeyResponseData,
+): string {
+  return JSON.stringify(
+    V2KeysRerollKeyResponseData$outboundSchema.parse(
+      v2KeysRerollKeyResponseData,
+    ),
+  );
+}
+export function v2KeysRerollKeyResponseDataFromJSON(
+  jsonString: string,
+): SafeParseResult<V2KeysRerollKeyResponseData, SDKValidationError> {
+  return safeParse(
+    jsonString,
+    (x) => V2KeysRerollKeyResponseData$inboundSchema.parse(JSON.parse(x)),
+    `Failed to parse 'V2KeysRerollKeyResponseData' from JSON`,
+  );
+}

package/src/models/components/v2keyssetpermissionsresponsebody.ts CHANGED Viewed

@@ -32,7 +32,6 @@ export type V2KeysSetPermissionsResponseBody = {
    * The response includes:
    * - The comprehensive, updated set of direct permissions (reflecting the complete replacement)
    * - Both ID and name for each permission for easy reference
-   * - Permissions sorted alphabetically by name for consistent response format
    *
    * Important notes:
    * - This only shows direct permissions, not those granted through roles

package/src/models/components/v2keyssetrolesresponsebody.ts CHANGED Viewed

@@ -32,7 +32,6 @@ export type V2KeysSetRolesResponseBody = {
    * The response includes:
    * - The comprehensive, updated set of roles (reflecting the complete replacement)
    * - Both ID and name for each role for easy reference
-   * - Roles sorted alphabetically by name for consistent response format
    *
    * Important notes:
    * - This response shows the final state after the complete replacement

package/src/sdk/keys.ts CHANGED Viewed

@@ -9,6 +9,7 @@ import { keysDeleteKey } from "../funcs/keysDeleteKey.js";
 import { keysGetKey } from "../funcs/keysGetKey.js";
 import { keysRemovePermissions } from "../funcs/keysRemovePermissions.js";
 import { keysRemoveRoles } from "../funcs/keysRemoveRoles.js";
+import { keysRerollKey } from "../funcs/keysRerollKey.js";
 import { keysSetPermissions } from "../funcs/keysSetPermissions.js";
 import { keysSetRoles } from "../funcs/keysSetRoles.js";
 import { keysUpdateCredits } from "../funcs/keysUpdateCredits.js";
@@ -233,6 +234,54 @@ export class Keys extends ClientSDK {
     ));
   }
+  /**
+   * Reroll Key
+   *
+   * @remarks
+   * Generate a new API key while preserving the configuration from an existing key.
+   *
+   * This operation creates a fresh key with a new token while maintaining all settings from the original key:
+   * - Permissions and roles
+   * - Custom metadata
+   * - Rate limit configurations
+   * - Identity associations
+   * - Remaining credits
+   * - Recovery settings
+   *
+   * **Key Generation:**
+   * - The system attempts to extract the prefix from the original key
+   * - If prefix extraction fails, the default API prefix is used
+   * - Key length follows the API's default byte configuration (or 16 bytes if not specified)
+   *
+   * **Original Key Handling:**
+   * - The original key will be revoked after the duration specified in `expiration`
+   * - Set `expiration` to 0 to revoke immediately
+   * - This allows for graceful key rotation with an overlap period
+   *
+   * Common use cases include:
+   * - Rotating keys for security compliance
+   * - Issuing replacement keys for compromised credentials
+   * - Creating backup keys with identical permissions
+   *
+   * **Important:** Analytics and usage metrics are tracked at both the key level AND identity level. If the original key has an identity, the new key will inherit it, allowing you to track usage across both individual keys and the overall identity.
+   *
+   * **Required Permissions**
+   *
+   *  Your root key must have:
+   *  - `api.*.create_key` or `api.<api_id>.create_key`
+   *  - `api.*.encrypt_key` or `api.<api_id>.encrypt_key` (only when the original key is recoverable)
+   */
+  async rerollKey(
+    request: components.V2KeysRerollKeyRequestBody,
+    options?: RequestOptions,
+  ): Promise<components.V2KeysRerollKeyResponseBody> {
+    return unwrapAsync(keysRerollKey(
+      this,
+      request,
+      options,
+    ));
+  }
   /**
    * Set key permissions
    *

package/src/sdk/permissions.ts CHANGED Viewed

@@ -161,7 +161,8 @@ export class Permissions extends ClientSDK {
    * List permissions
    *
    * @remarks
-   * Retrieve all permissions in your workspace. Results are paginated and sorted alphabetically by permission name.
+   * Retrieve all permissions in your workspace.
+   * Results are paginated and sorted by their id.
    *
    * **Required Permissions**
    *
@@ -183,7 +184,8 @@ export class Permissions extends ClientSDK {
    * List roles
    *
    * @remarks
-   * Retrieve all roles in your workspace including their assigned permissions. Results are paginated and sorted alphabetically by role name.
+   * Retrieve all roles in your workspace including their assigned permissions.
+   * Results are paginated and sorted by their id.
    *
    * **Required Permissions**
    *