API keys give automated clients — trading bots, data pipelines, and server-side integrations — access to Predexy’s external endpoints without a browser session. Each key is prefixed with pdx_ and shown once at creation; the full value is hashed on the server immediately and cannot be retrieved again. These endpoints require a console session JWT.
Authentication
All key management endpoints require a session JWT from the Developer Console auth flow:
Authorization: Bearer <your_jwt>
Endpoints
| Method | Path | Description |
|---|
POST | /api/v1/console/keys | Create a new API key |
GET | /api/v1/console/keys | List your API keys |
DELETE | /api/v1/console/keys/{id} | Revoke a key permanently |
Create an API key
POST https://api.predexy.com/api/v1/console/keys
Request body
Human-readable label for the key, e.g. "Production Trading Bot". 1–100 characters.
JSON-encoded array of permission strings. Default grants read access to arbitrage, markets, and questions.
Custom rate limit in requests per minute. Range 1–10,000. Defaults to 60.
Example request
curl -X POST https://api.predexy.com/api/v1/console/keys \
-H "Authorization: Bearer <your_jwt>" \
-H "Content-Type: application/json" \
-d '{
"name": "Production Trading Bot",
"permissions": "[\"read:arbitrage\",\"read:markets\"]",
"rate_limit": 600
}'
CreateAPIKeyResponse fields
API key UUID. Use this to revoke the key later.
The full API key, prefixed with pdx_. This is the only time the full key is returned. Store it in a secrets manager immediately.
First 12 characters of the key, used for identification in future list responses, e.g. pdx_a1b2c3d4.
JSON-encoded permissions array as stored.
Rate limit in requests per minute.
Warning message confirming the key will not be shown again.
Sample response
{
"data": {
"id": "9b1f7e2a-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
"name": "Production Trading Bot",
"key": "pdx_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
"key_prefix": "pdx_a1b2c3d4",
"permissions": "[\"read:arbitrage\",\"read:markets\"]",
"rate_limit": 600
},
"message": "Save this API key — it will not be shown again."
}
Copy the key field from the response immediately. The server stores only a hash of the key — there is no way to recover or display the full value after this response is received. If you lose the key, revoke it and create a new one.
List API keys
GET https://api.predexy.com/api/v1/console/keys
Example request
curl https://api.predexy.com/api/v1/console/keys \
-H "Authorization: Bearer <your_jwt>"
APIKeyInfo fields
First 12 characters for identification, e.g. pdx_a1b2c3d4.
JSON-encoded permission array.
Rate limit in requests per minute.
false if the key has been revoked.
ISO 8601 timestamp of the most recent successful request. null if the key has never been used.
ISO 8601 timestamp when the key was created.
Sample response
{
"data": [
{
"id": "9b1f7e2a-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
"name": "Production Trading Bot",
"key_prefix": "pdx_a1b2c3d4",
"permissions": "[\"read:arbitrage\",\"read:markets\"]",
"rate_limit": 600,
"is_active": true,
"last_used_at": "2026-04-25T14:55:30Z",
"created_at": "2026-04-01T09:00:00Z"
}
],
"meta": { "count": 1 }
}
Revoke an API key
DELETE https://api.predexy.com/api/v1/console/keys/{id}
401 INVALID_API_KEY. Revocation is permanent — the key cannot be reactivated.
Path parameters
UUID of the API key to revoke.
Example request
curl -X DELETE https://api.predexy.com/api/v1/console/keys/9b1f7e2a-3c4d-5e6f-7a8b-9c0d1e2f3a4b \
-H "Authorization: Bearer <your_jwt>"
Sample response
{
"data": {
"id": "9b1f7e2a-3c4d-5e6f-7a8b-9c0d1e2f3a4b",
"status": "revoked"
}
}
