API Keys
Manage API keys for programmatic access to the Upcube Quantum API.
Not yet available. API key generation and management require a user authentication system and a server-side database, neither of which are present in the current codebase. Real API keys cannot be created, stored, or validated until auth and database foundations are in place.
Blockers & Requirements
- !User authentication: No auth provider (e.g. NextAuth, Clerk, Auth0) is configured. API keys must be scoped to authenticated users.
- !Server-side database: No database (Prisma, Drizzle, Supabase, etc.) is configured. Hashed API keys, usage counts, and last-used timestamps require persistent server-side storage. The current task store uses browser-localStorage only.
- !Secure key storage: API keys must be hashed (SHA-256 or bcrypt) before storage. Only a key prefix is shown to users after creation. Raw keys are never stored or logged. This requires a server-side key management service.
- !Credits & billing: No credits or billing system exists. API key usage must be tracked against account credits and usage limits. The current UsageSummary component displays placeholder data only.
Planned API Key Features
Key Creation
Generate a unique API key with a configurable name and scope. Keys will be shown once at creation time and must be copied immediately.
Masked Listing
API keys are displayed with only the prefix visible (e.g. upcube_sk_a1b2c3...). Full keys are never shown again after creation.
Revocation
Revoke keys immediately to block all further API access using that key. Revoked keys appear in the list with a struck-through status.
Usage Tracking
View last-used timestamps, total calls, and credits consumed per API key. Requires integration with the usage and billing systems.
Placeholder Key Table
This table shows the planned UI structure. No real keys exist. All data is static placeholder content.
| Name | Key | Created | Last Used | Calls | Status |
|---|---|---|---|---|---|
| (no keys) | — | — | — | — | — |
All API requests currently return 401 Unauthorized because API key authentication is not yet implemented. The API endpoint routes exist and enforce cost-safety gates, but they cannot validate requests without a working auth layer. See the Developer Docs page for endpoint reference.