API keys

API keys are the credentials agents use to authenticate with Openavail.

Key format

Keys are prefixed with ak_ followed by a fixed-length unique identifier:

ak_01HX7QQMR5VKWZ3P9NDTF8KE2

The prefix makes them easy to identify in logs and secret scanners.

Creating a key

From the dashboard: Agents → [agent name] → API keys → New key.

You can create multiple keys per agent — for example, one per deployment environment or one per integration. Each key appears independently in audit logs so you can trace exactly which key made a given request.

The key is shown once at creation. Copy it to your secret manager immediately.

Rotating keys

To rotate a key:

Create a new key for the agent
Update your secret manager with the new key
Deploy the updated configuration
Confirm traffic is flowing through the new key (check the audit log)
Revoke the old key

Openavail does not enforce key expiry, but your security policy should.

Revoking a key

Agents → [agent name] → API keys → [key] → Revoke. Revocation is immediate and irreversible. In-flight requests using the key will fail with 401 Unauthorized.

Active holds held by the revoked key are not automatically cancelled — they expire normally per their TTL.

Key security

Store keys in a secrets manager (Infisical, AWS Secrets Manager, Vault, etc.)
Never commit keys to source control
Rotate keys if a deployment is decommissioned or a team member leaves
Use separate keys per environment (dev/staging/prod) so you can revoke one without affecting others