API Keys
API keys authenticate requests to the Banklyze API. Each key is scoped to your organization and can be restricted to specific permission scopes. Create separate keys for each integration or environment.
The full API key is only returned once, at creation time. Store it securely in your secrets manager immediately. If you lose the key, you must revoke it and create a new one.
Create API Key
Creates a new API key with the specified label and permission scopes. The full key value is included in the response and will not be shown again.
| Name | Type | Required | Description |
|---|---|---|---|
| label | string | Required | Human-readable label to identify this key |
| scopes | string[] | Required | Permission scopes (e.g. deals:read, documents:write) |
Save the key value from the response immediately. It is only returned on creation and cannot be retrieved later. The list endpoint returns only a masked version.
curl -X POST https://api.banklyze.com/v1/keys \
-H "Authorization: Bearer bkz_live_abc123" \
-H "Content-Type: application/json" \
-d '{
"label": "Production Backend",
"scopes": ["deals:read", "deals:write", "documents:write", "webhooks:read"]
}'{
"data": {
"id": 7,
"key": "bkz_live_9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
"label": "Production Backend",
"scopes": ["deals:read", "deals:write", "documents:write", "webhooks:read"],
"created_at": "2025-11-01T14:30:00Z",
"last_used_at": null
}
}Available scopes
| Name | Type | Required | Description |
|---|---|---|---|
| deals:read | scope | Optional | Read deal details, list deals, view recommendations |
| deals:write | scope | Optional | Create deals, update deals, record decisions |
| documents:read | scope | Optional | View documents, download files, list transactions |
| documents:write | scope | Optional | Upload documents, trigger reprocessing |
| transactions:read | scope | Optional | List and filter transactions, view flags |
| webhooks:read | scope | Optional | View webhook config and delivery logs |
| webhooks:write | scope | Optional | Configure webhooks, test delivery |
| exports:read | scope | Optional | Download generated reports and exports |
| exports:write | scope | Optional | Generate new PDF reports and CSV exports |
| keys:manage | scope | Optional | Create and revoke API keys (admin only) |
List API Keys
Returns all API keys for the authenticated organization. Keys are returned with a masked value showing only the prefix and last 4 characters. Includes the label, scopes, creation date, and last usage timestamp.
curl https://api.banklyze.com/v1/keys \
-H "Authorization: Bearer bkz_live_abc123"{
"data": [
{
"id": 7,
"key_masked": "bkz_live_9f86...0a08",
"label": "Production Backend",
"scopes": ["deals:read", "deals:write", "documents:write", "webhooks:read"],
"created_at": "2025-11-01T14:30:00Z",
"last_used_at": "2025-11-01T15:42:18Z"
},
{
"id": 3,
"key_masked": "bkz_live_a1b2...f3g4",
"label": "Staging Integration",
"scopes": ["deals:read", "documents:read"],
"created_at": "2025-09-15T10:00:00Z",
"last_used_at": "2025-10-28T09:12:33Z"
},
{
"id": 1,
"key_masked": "bkz_live_x7y8...z9w0",
"label": "Internal Dashboard",
"scopes": ["deals:read", "documents:read", "transactions:read", "exports:read"],
"created_at": "2025-08-01T08:00:00Z",
"last_used_at": "2025-11-01T14:58:01Z"
}
],
"meta": {
"page": 1,
"per_page": 25,
"total": 3,
"total_pages": 1
}
}Revoke API Key
Permanently revokes an API key. Any requests using this key will immediately receive a 401 Unauthorized response. This action cannot be undone.
| Name | Type | Required | Description |
|---|---|---|---|
| key_id | integer | Required | The API key ID to revoke |
curl -X DELETE https://api.banklyze.com/v1/keys/3 \
-H "Authorization: Bearer bkz_live_abc123"{
"success": true,
"message": "API key revoked"
}