Overview
BYOK endpointsAvailable Operations
- List - List BYOK provider credentials
- Create - Create a BYOK provider credential
- Delete - Delete a BYOK provider credential
- Get - Get a BYOK provider credential
- Update - Update a BYOK provider credential
List
List the bring-your-own-key (BYOK) provider credentials for the authenticated entity’s default workspace. Use theworkspace_id query parameter to scope the result to a different workspace, or the provider query parameter to filter by upstream provider. Management key required.
Example Usage
Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
ctx | context.Context | :heavy_check_mark: | The context to use for the request. | |
offset | optionalnullable.OptionalNullable[int64] | :heavy_minus_sign: | Number of records to skip for pagination | 0 |
limit | *int64 | :heavy_minus_sign: | Maximum number of records to return (max 100) | 50 |
workspaceID | *string | :heavy_minus_sign: | Optional workspace ID to filter by. Defaults to the authenticated entity’s default workspace. | 550e8400-e29b-41d4-a716-446655440000 |
provider | *operations.Provider | :heavy_minus_sign: | Optional provider slug to filter by (e.g. openai, anthropic, amazon-bedrock). | openai |
opts | []operations.Option | :heavy_minus_sign: | The options for this request. |
Response
*operations.ListBYOKKeysResponse, errorErrors
| Error Type | Status Code | Content Type |
|---|---|---|
| sdkerrors.UnauthorizedResponseError | 401 | application/json |
| sdkerrors.InternalServerResponseError | 500 | application/json |
| sdkerrors.APIError | 4XX, 5XX | */* |
Create
Create a new bring-your-own-key (BYOK) provider credential. The raw key is encrypted at rest and never returned in API responses. Defaults to the authenticated entity’s default workspace; use theworkspace_id body field to scope to a different workspace. Treat the raw key as write-only; it is never returned after creation. Management key required.
Example Usage
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
ctx | context.Context | :heavy_check_mark: | The context to use for the request. |
request | components.CreateBYOKKeyRequest | :heavy_check_mark: | The request object to use for the request. |
opts | []operations.Option | :heavy_minus_sign: | The options for this request. |
Response
*components.CreateBYOKKeyResponse, errorErrors
| Error Type | Status Code | Content Type |
|---|---|---|
| sdkerrors.BadRequestResponseError | 400 | application/json |
| sdkerrors.UnauthorizedResponseError | 401 | application/json |
| sdkerrors.ForbiddenResponseError | 403 | application/json |
| sdkerrors.InternalServerResponseError | 500 | application/json |
| sdkerrors.APIError | 4XX, 5XX | */* |
Delete
Delete (soft-delete) a bring-your-own-key (BYOK) provider credential by itsid. The encrypted key material is wiped and the record is marked as deleted. Management key required.
Example Usage
Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
ctx | context.Context | :heavy_check_mark: | The context to use for the request. | |
id | string | :heavy_check_mark: | The BYOK credential ID (UUID). | 11111111-2222-3333-4444-555555555555 |
opts | []operations.Option | :heavy_minus_sign: | The options for this request. |
Response
*components.DeleteBYOKKeyResponse, errorErrors
| Error Type | Status Code | Content Type |
|---|---|---|
| sdkerrors.UnauthorizedResponseError | 401 | application/json |
| sdkerrors.NotFoundResponseError | 404 | application/json |
| sdkerrors.InternalServerResponseError | 500 | application/json |
| sdkerrors.APIError | 4XX, 5XX | */* |
Get
Get a single bring-your-own-key (BYOK) provider credential by itsid. Management key required.
Example Usage
Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
ctx | context.Context | :heavy_check_mark: | The context to use for the request. | |
id | string | :heavy_check_mark: | The BYOK credential ID (UUID). | 11111111-2222-3333-4444-555555555555 |
opts | []operations.Option | :heavy_minus_sign: | The options for this request. |
Response
*components.GetBYOKKeyResponse, errorErrors
| Error Type | Status Code | Content Type |
|---|---|---|
| sdkerrors.UnauthorizedResponseError | 401 | application/json |
| sdkerrors.NotFoundResponseError | 404 | application/json |
| sdkerrors.InternalServerResponseError | 500 | application/json |
| sdkerrors.APIError | 4XX, 5XX | */* |
Update
Update an existing bring-your-own-key (BYOK) provider credential by itsid. Include the key field to rotate the raw provider API key in-place (the previous key material is overwritten). Management key required.
Example Usage
Parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
ctx | context.Context | :heavy_check_mark: | The context to use for the request. | |
id | string | :heavy_check_mark: | The BYOK credential ID (UUID). | 11111111-2222-3333-4444-555555555555 |
updateBYOKKeyRequest | components.UpdateBYOKKeyRequest | :heavy_check_mark: | N/A | { “disabled”: false, “name”: “Updated OpenAI Key” } |
opts | []operations.Option | :heavy_minus_sign: | The options for this request. |
Response
*components.UpdateBYOKKeyResponse, errorErrors
| Error Type | Status Code | Content Type |
|---|---|---|
| sdkerrors.BadRequestResponseError | 400 | application/json |
| sdkerrors.UnauthorizedResponseError | 401 | application/json |
| sdkerrors.NotFoundResponseError | 404 | application/json |
| sdkerrors.InternalServerResponseError | 500 | application/json |
| sdkerrors.APIError | 4XX, 5XX | */* |