🚀Tenuo Cloud is in beta.Get started →
Dashboard Guide
API Keys

API Keys

API keys provide programmatic access to the Tenuo Cloud API. Each key has specific scopes that control what operations it can perform.

API Key Format

Tenuo Cloud API keys follow this format:

tc_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  • Prefix: tc_ (Tenuo Cloud)
  • 43 characters of base64-encoded random data
⚠️

API keys are shown only once when created. Store them securely - you cannot retrieve the full key later.

Scopes

API keys can have one or more scopes:

ScopeAccess Level
adminFull access to all endpoints
authorizerRead access to revocation endpoints (SRL, check)
read-onlyRead access to all endpoints, no mutations

Scope Permissions

Full access:

  • Create, rotate, revoke keys
  • Create and delete revocations
  • Regenerate SRL
  • Manage API keys and service accounts
  • View audit logs
  • Manage tenant settings

Creating an API Key

Navigate to API Keys

Click API Keys in the sidebar

Create API Key

Click Create API Key

Configure

  • Name: A descriptive name (e.g., "Production Authorizer")
  • Scopes: Select one or more scopes
  • Expiration: Optional expiration date

Create

Click Create

Copy the Key

Important: Copy the API key immediately. It won't be shown again.

Using API Keys

Include the API key in the Authorization header:

curl -H "Authorization: Bearer tc_your_api_key_here" \
  https://api.tenuo.cloud/v1/keys

Or in code:

import requests
 
headers = {"Authorization": "Bearer tc_your_api_key_here"}
response = requests.get("https://api.tenuo.cloud/v1/keys", headers=headers)

Managing API Keys

View API Key Details

Click on any API key to see:

  • Key ID (not the full key)
  • Name and description
  • Scopes
  • Creation date and expiration
  • Last used timestamp
  • Usage statistics

Revoke an API Key

To immediately invalidate an API key:

  1. Click on the key → Revoke
  2. Confirm the revocation
⚠️

Revoked API keys cannot be un-revoked. Create a new key if needed.

Delete an API Key

To permanently remove an API key:

  1. Click on the key → Delete
  2. Confirm the deletion

Best Practices

Use least-privilege scopes

Give each key only the scopes it needs. Authorizers only need authorizer scope.

Rotate keys regularly

Create new keys and deprecate old ones periodically (e.g., every 90 days).

Use descriptive names

Name keys by their purpose: "Production Authorizer", "CI/CD Pipeline", "Development Testing"

Set expiration dates

For temporary access, set an expiration date rather than creating permanent keys.

Never commit keys to git

Use environment variables or secret management systems to store API keys.

Service Accounts vs API Keys

For automation and long-running services, consider using Service Accounts instead of standalone API keys. Service accounts provide:

  • Better organization of related keys
  • Easier key rotation
  • More detailed audit trails

API Reference

API Keys API
RevocationsService Accounts