MANAGE API KEYS.
Create keys for CI/CD pipelines, agents, and team members. Keys are shown exactly once — only the SHA-256 hash is ever stored.
Security model — read first
- API keys are prefixed p402_live_ (production) or p402_test_ (test mode).
- The raw key is returned ONCE at creation time. P402 only stores the SHA-256 hash.
- If you lose a key, revoke it immediately and create a new one.
- Keys never expire unless you revoke them — rotate them regularly.
- Never commit keys to version control. Use environment variables or a secrets manager.
Create a Key — Dashboard
1. Go to Dashboard → Settings → API Keys
2. Click "Generate New Key"
3. Name the key (e.g. "production-agent" or "ci-pipeline")
4. Copy the key immediately — it will not be shown again
5. Store it in your environment secrets (AWS Secrets Manager, Vercel env, GitHub Actions secrets)
Create a Key — API
Use your existing key to create additional keys programmatically.
```bash
curl -s -X POST https://p402.io/api/v2/keys \
  -H "Authorization: Bearer $P402_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"name": "production-agent-v2"}' | jq .
```
Response — shown once
```json
{
  "id": "key_01jx...",
  "name": "production-agent-v2",
  "key": "p402_live_a8f2bc...", // ← save this NOW, not shown again
  "created_at": "2026-04-15T12:00:00Z",
  "last_used_at": null,
  "status": "active"
}
```
List Keys
```bash
curl -s https://p402.io/api/v2/keys \
  -H "Authorization: Bearer $P402_API_KEY" | jq .
```
```json
{
  "keys": [
    {
      "id": "key_01jx...",
      "name": "production-agent-v2",
      "prefix": "p402_live_a8f2...", // Only first 16 chars visible
      "created_at": "2026-04-15T12:00:00Z",
      "last_used_at": "2026-04-15T14:32:00Z",
      "status": "active"
    }
  ]
}
```
Revoke a Key
Revocation is immediate. Any in-flight request using the key will be rejected.
```bash
curl -s -X DELETE https://p402.io/api/v2/keys/key_01jx... \
  -H "Authorization: Bearer $P402_API_KEY" | jq .
```
```json
{ "id": "key_01jx...", "status": "revoked" }
```
Key Rotation Pattern
Rotate keys without downtime using this blue-green pattern:
1. Create the new key while the old one is still active.
2. Deploy the new key to your environment / secrets manager.
3. Confirm the new key is working in production (check last_used_at).
4. Revoke the old key.
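The check in step 3, as an added example (not P402's own code): a Python function that reads a List Keys response and decides whether step 4 is safe. It goes beyond the steps above by also requiring the old key to have been idle for a quiet period; the key ids, the `deployed_at` and `now` inputs, and the one-hour default are assumptions.

```python
from datetime import datetime, timedelta

def parse_ts(value):
    """Parse the API's UTC timestamps, e.g. 2026-04-15T12:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def safe_to_revoke(listing, old_id, new_id, deployed_at, now,
                   quiet=timedelta(hours=1)):
    """Decide step 4 from a List Keys response. Returns (ok, reason)."""
    keys = {k["id"]: k for k in listing.get("keys", [])}
    old, new = keys.get(old_id), keys.get(new_id)
    if new is None or new.get("status") != "active":
        return False, "new key missing or not active"
    if old is None or old.get("status") != "active":
        return False, "old key missing or already revoked"
    if not new.get("last_used_at"):
        return False, "new key has never been used"
    if parse_ts(new["last_used_at"]) < parse_ts(deployed_at):
        return False, "new key not used since deployment"
    # Added check (assumption, not on the page): if the old key was used
    # recently, some consumer has not switched and revoking would break it.
    old_used = old.get("last_used_at")
    if old_used and parse_ts(old_used) > parse_ts(now) - quiet:
        return False, "old key still in use"
    return True, "ok to revoke old key"

# Constructed sample in the shape of the List Keys response (ids are made up).
SAMPLE = {"keys": [
    {"id": "key_old", "name": "production-agent", "status": "active",
     "created_at": "2026-01-10T09:00:00Z",
     "last_used_at": "2026-04-15T12:05:00Z"},
    {"id": "key_new", "name": "production-agent-v2", "status": "active",
     "created_at": "2026-04-15T12:00:00Z",
     "last_used_at": "2026-04-15T14:32:00Z"},
]}

if __name__ == "__main__":
    print(safe_to_revoke(SAMPLE, "key_old", "key_new",
                         deployed_at="2026-04-15T12:10:00Z",
                         now="2026-04-15T14:40:00Z"))
```

Feed it the parsed JSON from the List Keys call; only revoke the old key when it returns `True`.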
Secrets Management
Vercel
```bash
# In Vercel dashboard: Settings → Environment Variables
# Or via CLI:
vercel env add P402_API_KEY production
```
GitHub Actions
```yaml
# In repo: Settings → Secrets → Actions → New secret
# Reference in workflow:
env:
  P402_API_KEY: ${{ secrets.P402_API_KEY }}
```
AWS Secrets Manager
```bash
aws secretsmanager create-secret \
  --name /prod/p402/api-key \
  --secret-string "p402_live_..."
```
dotenv (local dev only)
```bash
# .env.local — NEVER commit this file
P402_API_KEY=p402_live_...
```