MosendDeveloper

API Keys

API Keys server-to-server con scopes específicos. Bcrypt en BD, secreto sólo visible al crearlas.

Base path: /organizations/:orgId/api-keys·4 endpoints·Source: mosend-wb-backend/src/modules/api-keys/api-keys.controller.ts
GET/organizations/:orgId/api-keys
bearer

Lista las API keys de la organización (sin el secret).

Path params

  • orgIdstringrequerido

Respuestas

  • 200
curl -X GET 'https://api.mosend.dev/organizations/a1b2c3d4-1234-5678-9abc-def012345678/api-keys' \
  -H 'X-Api-Key: mk_live_<prefix>.<secret>'
Response · 200
{
  "data": [
    {
      "id": "00000000-0000-0000-0000-000000000000",
      "createdAt": "2026-05-01T03:42:18.123Z"
    }
  ],
  "timestamp": "2026-05-01T03:42:18.123Z"
}
POST/organizations/:orgId/api-keys
bearer

Crear API key. Devuelve `secret` UNA sola vez.

Path params

  • orgIdstringrequerido

Body (JSON)

  • namestringrequerido
  • scopesstring[]
  • phoneNumberIdsstring[]

    Restricción opcional a un subconjunto de phone-numbers de la org. Vacío o ausente = la key opera sobre TODOS los phone-numbers (default). Si trae UUIDs, la key SOLO puede enviar/leer de esos números.

Respuestas

  • 201
curl -X POST 'https://api.mosend.dev/organizations/a1b2c3d4-1234-5678-9abc-def012345678/api-keys' \
  -H 'X-Api-Key: mk_live_<prefix>.<secret>' \
  -H 'Content-Type: application/json' \
  -d '{"name": "<name>","scopes": [],"phoneNumberIds": []}'
Response · 200
{
  "data": {
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "Backend producción",
    "scopes": [
      "messages:send",
      "conversations:read"
    ]
  },
  "timestamp": "2026-05-01T03:42:18.123Z"
}
PATCH/organizations/:orgId/api-keys/:id
bearer

Editar API key: scopes y/o nombre. El secret NO se puede tocar — para rotar, revocar y crear otra.

Path params

  • orgIdstringrequerido
  • idstringrequerido

Body (JSON)

  • namestring
  • scopesstring[]
  • phoneNumberIdsstring[]

Respuestas

  • 200
curl -X PATCH 'https://api.mosend.dev/organizations/a1b2c3d4-1234-5678-9abc-def012345678/api-keys/00000000-0000-0000-0000-000000000000' \
  -H 'X-Api-Key: mk_live_<prefix>.<secret>' \
  -H 'Content-Type: application/json' \
  -d '{"name": "<name>","scopes": [],"phoneNumberIds": []}'
Response · 200
{
  "data": {
    "id": "00000000-0000-0000-0000-000000000000",
    "name": "Backend producción",
    "scopes": [
      "messages:send",
      "conversations:read"
    ]
  },
  "timestamp": "2026-05-01T03:42:18.123Z"
}
DELETE/organizations/:orgId/api-keys/:id
bearer

Revoca una API key de forma permanente.

Path params

  • orgIdstringrequerido
  • idstringrequerido

Respuestas

  • 204
curl -X DELETE 'https://api.mosend.dev/organizations/a1b2c3d4-1234-5678-9abc-def012345678/api-keys/00000000-0000-0000-0000-000000000000' \
  -H 'X-Api-Key: mk_live_<prefix>.<secret>'
Response · 200
{
  "data": {
    "id": "00000000-0000-0000-0000-000000000000",
    "createdAt": "2026-05-01T03:42:18.123Z"
  },
  "timestamp": "2026-05-01T03:42:18.123Z"
}