Authentication & Signing

API Key Management

View as Markdown

API Key management endpoints only accept JWT authentication.

Create API Key

1POST /v1/private/user/api-key/create
2Authorization: Bearer YOUR_ACCESS_TOKEN
3Content-Type: application/json

Request parameters:

ParameterTypeRequiredDescription
labelstringYesAPI Key label, length 1 - 64
permissionsintNoPermission bitmask, default 1, range 1 - 7
ipWhiteliststring[]NoIP whitelist, up to 20 entries. If omitted, source IP is unrestricted

Request example:

$curl -X POST https://api.6mm.com/v1/private/user/api-key/create \
>  -H "Content-Type: application/json" \
>  -H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
>  -d '{
>    "label": "external-service-prod",
>    "permissions": 3,
>    "ipWhitelist": ["203.0.113.10"]
>  }'

Response example:

1{
2  "code": 0,
3  "message": "success",
4  "data": {
5    "apiKey": "fx_xxxxxxxxxxxxxxxxxxxxxxxx",
6    "apiSecret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
7  },
8  "requestId": "req-api-key"
9}

apiSecret is returned only once when the API Key is created. Store it immediately in a secret management system. Do not write it into source code repositories or logs.

Each user can create up to 30 API Keys.

List API Keys

1GET /v1/private/user/api-key/list
2Authorization: Bearer YOUR_ACCESS_TOKEN

Response fields:

FieldTypeDescription
list[].idstringAPI Key ID
list[].labelstringLabel
list[].apiKeystringPublic API Key identifier
list[].permissionsintPermission bitmask
list[].ipWhiteliststring[]IP whitelist
list[].statusintStatus: 1 enabled, 0 disabled
list[].lastUsedAtint64Last used time
list[].createdAtint64Creation time

Update API Key

1PUT /v1/private/user/api-key/update
2Authorization: Bearer YOUR_ACCESS_TOKEN
3Content-Type: application/json

Request parameters:

ParameterTypeRequiredDescription
idstringYesAPI Key ID
labelstringNoNew label
permissionsintNoNew permission bitmask
ipWhiteliststring[]NoNew IP whitelist
statusintNo1 enabled, 0 disabled

Delete API Key

1POST /v1/private/user/api-key/delete
2Authorization: Bearer YOUR_ACCESS_TOKEN
3Content-Type: application/json

Request body:

1{ "id": "1001" }

Delete All API Keys

1POST /v1/private/user/api-key/delete-all
2Authorization: Bearer YOUR_ACCESS_TOKEN
3Content-Type: application/json

Response fields:

FieldTypeDescription
deletedint64Number of deleted API Keys