QANATIX
API Reference

Authentication API

API key management endpoints — create, list, rotate, revoke.

Manage API keys programmatically.

POST /auth/keys

Create a new API key.

curl -X POST https://api.qanatix.com/api/v1/auth/keys \
  -H "Authorization: Bearer sk_live_abc123..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-search",
    "scopes": ["search"],
    "expires_at": "2027-01-01T00:00:00Z"
  }'

Request body

| Field | Type | Required | Description |
|---|---|---|---|
| name | string | yes | Human-readable key name |
| scopes | string[] | yes | Permissions: search, ingest, entities, admin |
| expires_at | datetime | no | Optional expiration (ISO 8601) |

Response (201)

{
  "id": "550e8400-e29b-41d4-a716-446655440000",
  "name": "production-search",
  "key": "sk_live_abc123def456...",
  "scopes": ["search"],
  "expires_at": "2027-01-01T00:00:00Z",
  "message": "Store this key securely — it cannot be retrieved again."
}

The key value is shown once. It's hashed with API_KEY_SALT before storage.

GET /auth/keys

List all active API keys for your tenant.

curl https://api.qanatix.com/api/v1/auth/keys \
  -H "Authorization: Bearer sk_live_abc123..."

Response (200)

[
  {
    "id": "550e8400-...",
    "name": "production-search",
    "scopes": ["search"],
    "created_at": "2026-03-01T10:00:00Z",
    "expires_at": "2027-01-01T00:00:00Z",
    "last_used_at": "2026-03-07T14:30:00Z"
  }
]

Key values are never returned — only metadata.

POST /auth/keys/{key_id}/rotate

Generate a new key, immediately invalidating the old one. Same name, scopes, and expiration.

curl -X POST https://api.qanatix.com/api/v1/auth/keys/550e8400-.../rotate \
  -H "Authorization: Bearer sk_live_abc123..."

Response (200)

{
  "id": "550e8400-...",
  "name": "production-search",
  "key": "sk_live_newkey789...",
  "scopes": ["search"],
  "message": "Old key is now invalid. Update your applications immediately."
}

DELETE /auth/keys/{key_id}

Revoke a key immediately.

curl -X DELETE https://api.qanatix.com/api/v1/auth/keys/550e8400-... \
  -H "Authorization: Bearer sk_live_abc123..."

Response

204 No Content — key stops working immediately.

Scopes

| Scope | Allows |
|---|---|
| search | Query the search API |
| ingest | Push data via ingestion endpoints |
| entities | CRUD on entities |
| admin | Tenant management, reindex, export, usage stats |

The admin scope implicitly grants all other scopes.
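
The metadata returned by GET /auth/keys is enough to run a periodic key hygiene review. The script below is an added example, not part of the Qanatix documentation or codebase. It flags keys that hold the admin scope, have no expiration, are close to expiring, or have not been used recently. The sample records, the 90-day and 30-day thresholds, and the assumption that an unset expires_at or last_used_at is returned as null (or omitted) are all constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the GET /auth/keys response (not real data).
SAMPLE = json.loads("""[
  {"id": "key-1", "name": "production-search", "scopes": ["search"],
   "created_at": "2026-03-01T10:00:00Z", "expires_at": "2027-01-01T00:00:00Z",
   "last_used_at": "2026-03-07T14:30:00Z"},
  {"id": "key-2", "name": "ops-admin", "scopes": ["admin"],
   "created_at": "2025-06-01T09:00:00Z", "expires_at": null,
   "last_used_at": "2025-11-20T08:00:00Z"},
  {"id": "key-3", "name": "etl", "scopes": ["ingest", "entities"],
   "created_at": "2026-01-10T12:00:00Z", "expires_at": "2026-03-20T00:00:00Z",
   "last_used_at": null}
]""")

def parse_ts(value):
    """Parse an ISO 8601 timestamp with a trailing Z; None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit_keys(keys, now, stale_days=90, expiry_warn_days=30):
    """Return {key id: [findings]} for keys that need review."""
    report = {}
    for key in keys:
        findings = []
        expires = parse_ts(key.get("expires_at"))
        last_used = parse_ts(key.get("last_used_at"))
        if "admin" in key.get("scopes", []):
            findings.append("admin scope (grants all other scopes)")
        if expires is None:
            findings.append("no expiration set")
        elif expires - now <= timedelta(days=expiry_warn_days):
            findings.append("expires within %d days" % expiry_warn_days)
        if last_used is None:
            findings.append("never used")
        elif now - last_used > timedelta(days=stale_days):
            findings.append("unused for more than %d days" % stale_days)
        if findings:
            report[key["id"]] = findings
    return report

if __name__ == "__main__":
    now = datetime(2026, 3, 10, tzinfo=timezone.utc)  # fixed so output is repeatable
    for key_id, findings in audit_keys(SAMPLE, now).items():
        print(key_id, "->", "; ".join(findings))
```

Keys the report flags as unused are candidates for DELETE /auth/keys/{key_id}; admin keys used only for search or ingestion can be replaced with a narrower-scoped key.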
