ReqKey.docs
API reference

Projects

A project is your workspace. It owns APIs, plans, consumers, and keys, and is addressed by a rootKey. One customer can own many projects.

Dashboard

Create project

Projects are created from the ReqKey dashboard — we don’t serve an API endpoint for this currently. Create the project, then open its Settings and copy the root_key (it starts with reqkey_). That key is the single most important credential: it is the Bearer token for every endpoint under the project.

  • Dashboard → New project → Settings → copy the root_key (starts with reqkey_).
  • Keep the rootKey server-side, like a password. If it ever leaks, rotate it instantly with /project/rootkey-reroll.
  • One account can own many projects — each gets its own rootKey.
Dashboard

List projects

Your projects are only visible in the ReqKey dashboard — there is no API endpoint for this currently. Each project shows its status, settings, and root_key.

POST/project/detailsBearer

Get project details

Fetch project metadata and consumer / API counts.

Request
curl -X POST "https://api.reqkey.com/project/details" \
  -H "Authorization: Bearer reqkey_xxx..."
Response
{
  "rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
  "name": "My Production Project",
  "customerId": "customer123",
  "createdAt": "2026-01-30T12:34:56Z",
  "status": "active",
  "expiresAt": null,
  "counts": {
    "consumers": 5,
    "apis": 3
  }
}
Errors
401Missing or invalid Bearer token
410Project is soft-deleted
POST/project/updateBearer

Update project

Rename a project.

Body
namestringrequired

New project name.

Request
curl -X POST "https://api.reqkey.com/project/update" \
  -H "Authorization: Bearer reqkey_xxx..." \
  -H "Content-Type: application/json" \
  -d '{
  "name": "Renamed Project"
}'
Response
{
  "rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
  "updatedAt": "2026-01-30T14:00:00Z",
  "changes": {
    "name": "Renamed Project"
  }
}
  • Changes sync globally and are visible in every region immediately.
Errors
400No updatable fields provided
401Missing or invalid Bearer token
410Project is soft-deleted
POST/project/deleteBearer

Delete project

Deletes a project and cascades to its consumers, keys, APIs, and plans. Soft delete (default) marks everything as deleted and the rootKey stops authenticating; hard delete removes all data permanently.

Body
permanentboolean

false = soft delete (default), true = hard delete.

Request
curl -X POST "https://api.reqkey.com/project/delete" \
  -H "Authorization: Bearer reqkey_xxx..." \
  -H "Content-Type: application/json" \
  -d '{
  "permanent": false
}'
Response
{
  "rootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
  "deleted": true,
  "permanent": false,
  "deletedAt": "2026-01-30T12:34:56Z",
  "consumersAffected": 3,
  "keysAffected": 7,
  "apisAffected": 2,
  "message": "Project soft deleted. All children marked as deleted."
}
  • Soft delete is reversible; the rootKey immediately stops working for auth.
  • Hard delete removes project, consumer, key, and API hashes plus all credit state and the global index entry.
Errors
401Missing or invalid Bearer token
500Temporary internal error — safe to retry
POST/project/rootkey-rerollBearer

Reroll root key

Regenerates the project rootKey and migrates every child resource to reference the new key. Use this for scheduled rotation or if the rootKey is compromised. Existing API keys keep working — only project auth changes.

Request
curl -X POST "https://api.reqkey.com/project/rootkey-reroll" \
  -H "Authorization: Bearer reqkey_xxx..."
Response
{
  "oldRootKey": "reqkey_A1B2C3D4E5F6G7H8I9J0K1L2",
  "newRootKey": "reqkey_N3W4K3Y5V6A7L8U9E0H1E2R3",
  "message": "Root key rerolled successfully. Use the new key for all future requests."
}
  • The old rootKey becomes invalid immediately.
  • All existing API keys continue to work — only the project auth token changes.
Errors
401Missing or invalid Bearer token
410Project is soft-deleted
500Temporary internal error — safe to retry