Skip to main content

Overview

BYOK endpoints

Available Operations

  • List - List BYOK provider credentials
  • Create - Create a BYOK provider credential
  • Delete - Delete a BYOK provider credential
  • Get - Get a BYOK provider credential
  • Update - Update a BYOK provider credential

List

List the bring-your-own-key (BYOK) provider credentials for the authenticated entity’s default workspace. Use the workspace_id query parameter to scope the result to a different workspace, or the provider query parameter to filter by upstream provider. Management key required.

Example Usage

Parameters

ParameterTypeRequiredDescriptionExample
ctxcontext.Context:heavy_check_mark:The context to use for the request.
offsetoptionalnullable.OptionalNullable[int64]:heavy_minus_sign:Number of records to skip for pagination0
limit*int64:heavy_minus_sign:Maximum number of records to return (max 100)50
workspaceID*string:heavy_minus_sign:Optional workspace ID to filter by. Defaults to the authenticated entity’s default workspace.550e8400-e29b-41d4-a716-446655440000
provider*operations.Provider:heavy_minus_sign:Optional provider slug to filter by (e.g. openai, anthropic, amazon-bedrock).openai
opts[]operations.Option:heavy_minus_sign:The options for this request.

Response

*operations.ListBYOKKeysResponse, error

Errors

Error TypeStatus CodeContent Type
sdkerrors.UnauthorizedResponseError401application/json
sdkerrors.InternalServerResponseError500application/json
sdkerrors.APIError4XX, 5XX*/*

Create

Create a new bring-your-own-key (BYOK) provider credential. The raw key is encrypted at rest and never returned in API responses. Defaults to the authenticated entity’s default workspace; use the workspace_id body field to scope to a different workspace. Treat the raw key as write-only; it is never returned after creation. Management key required.

Example Usage

Parameters

ParameterTypeRequiredDescription
ctxcontext.Context:heavy_check_mark:The context to use for the request.
requestcomponents.CreateBYOKKeyRequest:heavy_check_mark:The request object to use for the request.
opts[]operations.Option:heavy_minus_sign:The options for this request.

Response

*components.CreateBYOKKeyResponse, error

Errors

Error TypeStatus CodeContent Type
sdkerrors.BadRequestResponseError400application/json
sdkerrors.UnauthorizedResponseError401application/json
sdkerrors.ForbiddenResponseError403application/json
sdkerrors.InternalServerResponseError500application/json
sdkerrors.APIError4XX, 5XX*/*

Delete

Delete (soft-delete) a bring-your-own-key (BYOK) provider credential by its id. The encrypted key material is wiped and the record is marked as deleted. Management key required.

Example Usage

Parameters

ParameterTypeRequiredDescriptionExample
ctxcontext.Context:heavy_check_mark:The context to use for the request.
idstring:heavy_check_mark:The BYOK credential ID (UUID).11111111-2222-3333-4444-555555555555
opts[]operations.Option:heavy_minus_sign:The options for this request.

Response

*components.DeleteBYOKKeyResponse, error

Errors

Error TypeStatus CodeContent Type
sdkerrors.UnauthorizedResponseError401application/json
sdkerrors.NotFoundResponseError404application/json
sdkerrors.InternalServerResponseError500application/json
sdkerrors.APIError4XX, 5XX*/*

Get

Get a single bring-your-own-key (BYOK) provider credential by its id. Management key required.

Example Usage

Parameters

ParameterTypeRequiredDescriptionExample
ctxcontext.Context:heavy_check_mark:The context to use for the request.
idstring:heavy_check_mark:The BYOK credential ID (UUID).11111111-2222-3333-4444-555555555555
opts[]operations.Option:heavy_minus_sign:The options for this request.

Response

*components.GetBYOKKeyResponse, error

Errors

Error TypeStatus CodeContent Type
sdkerrors.UnauthorizedResponseError401application/json
sdkerrors.NotFoundResponseError404application/json
sdkerrors.InternalServerResponseError500application/json
sdkerrors.APIError4XX, 5XX*/*

Update

Update an existing bring-your-own-key (BYOK) provider credential by its id. Include the key field to rotate the raw provider API key in-place (the previous key material is overwritten). Management key required.

Example Usage

Parameters

ParameterTypeRequiredDescriptionExample
ctxcontext.Context:heavy_check_mark:The context to use for the request.
idstring:heavy_check_mark:The BYOK credential ID (UUID).11111111-2222-3333-4444-555555555555
updateBYOKKeyRequestcomponents.UpdateBYOKKeyRequest:heavy_check_mark:N/A{
“disabled”: false,
“name”: “Updated OpenAI Key”
}
opts[]operations.Option:heavy_minus_sign:The options for this request.

Response

*components.UpdateBYOKKeyResponse, error

Errors

Error TypeStatus CodeContent Type
sdkerrors.BadRequestResponseError400application/json
sdkerrors.UnauthorizedResponseError401application/json
sdkerrors.NotFoundResponseError404application/json
sdkerrors.InternalServerResponseError500application/json
sdkerrors.APIError4XX, 5XX*/*