Keys API

Manage cryptographic keys for signing warrants.

List Keys

GET /v1/keys

Query Parameters

Parameter	Type	Description
`type`	string	Filter by key type: `root`, `issuer`, or `notary`
`status`	string	Filter by status: `active`, `revoked`, `suspended`, `rotated`
`limit`	integer	Maximum results (default 50, max 100)
`cursor`	string	Pagination cursor

Response

{
  "keys": [
    {
      "id": "tnu_key_abc123",
      "type": "issuer",
      "name": "Production Issuer",
      "status": "active",
      "parent_id": "tnu_key_root1",
      "public_key": "base64-encoded-public-key",
      "created_at": "2024-01-15T10:00:00Z",
      "expires_at": "2024-04-15T10:00:00Z"
    }
  ],
  "total": 1,
  "cursor": null
}

Create Key

POST /v1/keys

Request Body

Field	Type	Required	Description
`type`	string	Yes	`root`, `issuer`, or `notary`
`name`	string	Yes	Human-readable name
`parent_id`	string	For issuer/notary	Parent key ID
`expires_at`	string	No	Expiration in RFC3339 format

Example

curl -X POST "https://api.tenuo.cloud/v1/keys" \
  -H "Authorization: Bearer tc_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "issuer",
    "name": "Production Issuer",
    "parent_id": "tnu_key_root1",
    "expires_at": "2024-04-15T10:00:00Z"
  }'

Response

{
  "id": "tnu_key_abc123",
  "type": "issuer",
  "name": "Production Issuer",
  "status": "active",
  "parent_id": "tnu_key_root1",
  "public_key": "base64-encoded-public-key",
  "created_at": "2024-01-15T10:00:00Z",
  "expires_at": "2024-04-15T10:00:00Z"
}

Get Key

GET /v1/keys/{keyId}

Response

{
  "id": "tnu_key_abc123",
  "type": "issuer",
  "name": "Production Issuer",
  "status": "active",
  "parent_id": "tnu_key_root1",
  "public_key": "base64-encoded-public-key",
  "created_at": "2024-01-15T10:00:00Z",
  "expires_at": "2024-04-15T10:00:00Z"
}

Rotate Key

POST /v1/keys/{keyId}/rotate

Creates a new version of an existing key.

Response

{
  "id": "tnu_key_abc123",
  "type": "issuer",
  "name": "Production Issuer",
  "status": "active",
  "public_key": "new-base64-encoded-public-key",
  "rotated_at": "2024-01-15T12:00:00Z"
}

Revoke Key

POST /v1/keys/{keyId}/revoke

Permanently revoke a key and all warrants it has signed.

Request Body

Field	Type	Required	Description
`reason`	string	Yes	Reason for revocation

Example

curl -X POST "https://api.tenuo.cloud/v1/keys/tnu_key_abc123/revoke" \
  -H "Authorization: Bearer tc_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"reason": "Key compromised"}'

Suspend Key

POST /v1/keys/{keyId}/suspend

Temporarily disable a key.

Enable Key

POST /v1/keys/{keyId}/enable

Re-enable a suspended key.

Authentication Revocations