The API Keys page at /dashboard/api-keys manages keys that let external systems (CRMs) trigger outbound calls without a JWT. It includes a create-key modal and a one-time key-created reveal modal.

Key table

Loaded from GET /api/v1/api-keys, the DataTable shows:
ColumnSource
Namekey.name
Keykey_prefix followed by •••• (full key never re-shown)
StatusActive / Expired / Inactive badge
Expiresexpires_at
Last Usedrelative time of last_used_at
Createdcreated_at
Actionsactivate/deactivate toggle, delete
Status is computed by getStatus: inactive keys are Inactive (danger), keys past expires_at are Expired (neutral), otherwise Active (success). A search box filters by name or key prefix.

Lifecycle

ActionEndpoint
CreatePOST /api/v1/api-keys
Toggle activePATCH /api/v1/api-keys/{id} with is_active
DeleteDELETE /api/v1/api-keys/{id} (confirm dialog)

Create and one-time reveal

The create-key modal collects a required Name and an optional Expires At date (blank = no expiry), then POSTs to /api/v1/api-keys. The response includes the full key, which is handed to the key-created modal.
The key-created modal is the only place the full key is ever shown. It warns “This key won’t be shown again” and offers copy-to-clipboard. After closing, only the vx_xxxx•••• prefix remains visible in the table.
Deleting a key immediately revokes access for any system using it — the confirm dialog states this explicitly.

API keys (CXB API)

Key hashing, dual auth, and enforcement.

Dialout API

Triggering outbound calls with an API key.

Users

Human user accounts and roles.