> For the complete documentation index, see [llms.txt](https://ocx.gitbook.io/ocx-doc/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ocx.gitbook.io/ocx-doc/ocx/api/api-keys.md). # api keys Programmatic key management. For background and usage patterns, see [Authentication → API Keys](file:///7302513/authentication/api-keys.md). {% hint style="info" %} All three endpoints require an **interactive session** (cookie or JWT). Neither a `read`-scope nor a `trade`-scope API key can manage other keys. {% endhint %} *** ## GET /perps/me/api-keys List your active and historical API keys. **Auth**: session or JWT (not API key). **Response** ```json { "keys": [ { "id": "ocx_kid_01HW...", "name": "delta-neutral bot", "scope": "trade", "allowedIps": ["203.0.113.10"], "expiresAt": "2026-10-21T12:00:00Z", "createdAt": "2026-04-24T12:00:00Z", "revokedAt": null, "lastUsedAt": "2026-04-24T12:30:00Z", "lastUsedIp": "203.0.113.10", "status": "active" } ] } ``` `status` is one of: * `active` — not expired, not revoked. * `expired` — past `expiresAt`. * `revoked` — manually revoked. *** ## POST /perps/me/api-keys Create a new API key. **The `secret` is returned exactly once** — store it immediately. **Auth**: session or JWT (not API key). **Request** ```json { "name": "delta-neutral bot", "scope": "trade", "allowedIps": ["203.0.113.10"], "expiresInDays": 180 } ``` | Field | Type | Description | | --------------- | --------------------- | ---------------------------------------- | | `name` | string | Your label for the key | | `scope` | `"read"` \| `"trade"` | See Authentication overview | | `allowedIps` | string\[]? | IPv4 allowlist. Empty / omitted = any IP | | `expiresInDays` | number? | `0` or omitted = no expiry | **Response** ```json { "id": "ocx_kid_01HW...", "secret": "ocx_sk_long_random_string", "name": "delta-neutral bot", "scope": "trade", "allowedIps": ["203.0.113.10"], "expiresAt": "2026-10-21T12:00:00Z" } ``` **Errors** | Status | `code` | When | | ------ | ---------------- | ----------------------------------- | | 400 | `INVALID_SCOPE` | Scope is neither `read` nor `trade` | | 400 | `INVALID_IP` | IP in `allowedIps` is malformed | | 400 | `INVALID_EXPIRY` | `expiresInDays` is negative | | 429 | `TOO_MANY_KEYS` | Account limit reached | *** ## DELETE /perps/me/api-keys/:id Revoke an API key. Revocation is instant. **Auth**: session or JWT (not API key). **Response** ```json { "message": "API key revoked" } ``` **Errors** | Status | When | | ------ | ------------------------------------ | | 404 | Key not found or not owned by caller | | 409 | Key already revoked | *** ## Key management events Every create, revoke, and authenticated use is recorded with: * `apiKeyId` * `eventType` — `created`, `used`, `revoked`, `expired` * `ip` * `userAgent` * `createdAt` These are surfaced in your audit log (UI: Portfolio → API Keys → Activity). Use the audit log to verify that keys you believe should be idle haven't been used recently. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ocx.gitbook.io/ocx-doc/ocx/api/api-keys.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.