Skip to content

USSO API

API Keys

ussoio/usso-sso

API Keys¶

Manage API keys for service accounts.

List API Keys¶

curl -X GET http://localhost:8000/api/sso/v1/apikeys \
  -H "Authorization: Bearer TOKEN"

Get API Key¶

curl -X GET http://localhost:8000/api/sso/v1/apikeys/KEY_ID \
  -H "Authorization: Bearer TOKEN"

Revoke API Key¶

curl -X DELETE http://localhost:8000/api/sso/v1/apikeys/KEY_ID \
  -H "Authorization: Bearer TOKEN"

Key Rotation¶

Create new key
Update services with new key
Wait for propagation
Revoke old key

Security Best Practices¶

Store keys in environment variables
Use different keys per environment
Rotate keys regularly (every 90 days)
Monitor key usage
Revoke unused keys