Projects
A project is your workspace. It owns APIs, plans, consumers, and keys, and is addressed by a rootKey. One customer can own many projects.
Create project
Projects are created from the ReqKey dashboard — we don’t serve an API endpoint for this currently. Create the project, then open its Settings and copy the root_key (it starts with reqkey_). That key is the single most important credential: it is the Bearer token for every endpoint under the project.
- Dashboard → New project → Settings → copy the root_key (starts with reqkey_).
- Keep the rootKey server-side, like a password. If it ever leaks, rotate it instantly with /project/rootkey-reroll.
- One account can own many projects — each gets its own rootKey.
List projects
Your projects are only visible in the ReqKey dashboard — there is no API endpoint for this currently. Each project shows its status, settings, and root_key.
/project/detailsBearerGet project details
Fetch project metadata and consumer / API counts.
curl -X POST "https://api.reqkey.com/project/details" \
-H "Authorization: Bearer reqkey_xxx..."{
"rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
"name": "My Production Project",
"customerId": "customer123",
"createdAt": "2026-01-30T12:34:56Z",
"status": "active",
"expiresAt": null,
"counts": {
"consumers": 5,
"apis": 3
}
}/project/updateBearerUpdate project
Rename a project.
namestringrequiredNew project name.
curl -X POST "https://api.reqkey.com/project/update" \
-H "Authorization: Bearer reqkey_xxx..." \
-H "Content-Type: application/json" \
-d '{
"name": "Renamed Project"
}'{
"rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
"updatedAt": "2026-01-30T14:00:00Z",
"changes": {
"name": "Renamed Project"
}
}- Changes sync globally and are visible in every region immediately.
/project/deleteBearerDelete project
Deletes a project and cascades to its consumers, keys, APIs, and plans. Soft delete (default) marks everything as deleted and the rootKey stops authenticating; hard delete removes all data permanently.
permanentbooleanfalse = soft delete (default), true = hard delete.
curl -X POST "https://api.reqkey.com/project/delete" \
-H "Authorization: Bearer reqkey_xxx..." \
-H "Content-Type: application/json" \
-d '{
"permanent": false
}'{
"rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
"deleted": true,
"permanent": false,
"deletedAt": "2026-01-30T12:34:56Z",
"consumersAffected": 3,
"keysAffected": 7,
"apisAffected": 2,
"message": "Project soft deleted. All children marked as deleted."
}- Soft delete is reversible; the rootKey immediately stops working for auth.
- Hard delete removes project, consumer, key, and API hashes plus all credit state and the global index entry.
/project/rootkey-rerollBearerReroll root key
Regenerates the project rootKey and migrates every child resource to reference the new key. Use this for scheduled rotation or if the rootKey is compromised. Existing API keys keep working — only project auth changes.
curl -X POST "https://api.reqkey.com/project/rootkey-reroll" \
-H "Authorization: Bearer reqkey_xxx..."{
"oldRootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
"newRootKey": "reqkey_N3W4K3Y5V6A7L8U9E0H1E2R3",
"message": "Root key rerolled successfully. Use the new key for all future requests."
}- The old rootKey becomes invalid immediately.
- All existing API keys continue to work — only the project auth token changes.