API Keys

Manage API keys for external access.

GET/api/v1/api-keys

List all API keys for your organization. For security, only the last 4 characters of each key are returned.

Example

curl https://app.clawdmail.ai/api/v1/api-keys \
  -H "Authorization: Bearer cm_live_your_key"

Response

{
  "data": {
    "keys": [
      {
        "id": "key_8f3a1b2c4d5e",
        "name": "Production",
        "lastFour": "x7f2",
        "createdAt": "2026-01-10T09:00:00Z",
        "lastUsedAt": "2026-03-04T11:45:00Z"
      },
      {
        "id": "key_2a9b1d3f7c4e",
        "name": "Staging",
        "lastFour": "m3k9",
        "createdAt": "2026-02-15T14:30:00Z",
        "lastUsedAt": null
      }
    ]
  }
}

POST/api/v1/api-keys

Create a new API key. The full key is returned only in this response — store it securely.

Parameters

Name	Type	Description
`name`required	string	A label to identify this key (e.g. "Production", "CI/CD")

Example

curl -X POST https://app.clawdmail.ai/api/v1/api-keys \
  -H "Authorization: Bearer cm_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Production" }'

Response

{
  "data": {
    "id": "key_6c5b4a3f9e7d",
    "name": "Production",
    "key": "cm_live_a1b2c3d4e5f6g7h8i9j0k1l2",
    "createdAt": "2026-03-04T12:00:00Z"
  }
}

The full API key is only returned once when created. Store it immediately in a secure location like an environment variable or secrets manager. If lost, revoke the key and create a new one.

DELETE/api/v1/api-keys

Revoke an API key. Any requests using this key will immediately start returning 401 errors.

Parameters

Name	Type	Description
`id`required	string	The key ID to revoke (passed as query parameter)

Example

curl -X DELETE "https://app.clawdmail.ai/api/v1/api-keys?id=key_8f3a1b2c4d5e" \
  -H "Authorization: Bearer cm_live_your_key"

Response

{
  "data": {
    "deleted": true
  }
}