API keys
Cross-account key view for support cases. Manual revocation when a customer reports a leak + can't reach the dashboard, or when abuse signals trip a moderation flag.
Manual revocation invalidates the key immediately + cascades to the auth cache. Customer's running sessions on that key continue until next token check; subsequent requests return 401. Audit row records admin id + key id + reason.
| Key | Account | Scopes | Last used | Status | |
|---|---|---|---|---|---|
| production ds_live_a1b2c3d4 … key_00000000-0000-4000-8000-0000000000b1 | acc_00000000-0000-4000-8000-000000000001 | read write | 2026-05-04 10:00 UTC | active |
Revocation fires POST /v1/admin/api-keys/:id/revoke with
a required reason. The reason is stored on the audit row and surfaced
to the customer in their key list ("revoked by Driftstack: <reason>").