Thrive AI Health
Api reference

List tenant keys (metadata only — no secrets)

Paginated list of tenant keys. `include_revoked=true` includes revoked rows (default excludes them). `is_current=true` flags the key that authenticated the current request — partners use this to identify which key not to revoke.

GET
/v1/admin/org/tenant-keys

Query Parameters

include_revoked?Include Revoked
Defaultfalse
limit?Limit
Default25
Range1 <= value <= 100
offset?Offset
Default0
Range0 <= value

Header Parameters

org-id?string|null
x-user-id?string|null
x-request-id?string|null
traceparent?string|null
Idempotency-Key?|null

Response Body

application/json

application/json

curl -X GET "https://loading/v1/admin/org/tenant-keys"
{
  "data": [
    {
      "id": "string",
      "name": "string",
      "prefix": "string",
      "created_at": "2019-08-24T14:15:22Z",
      "last_used_at": "2019-08-24T14:15:22Z",
      "revoked_at": "2019-08-24T14:15:22Z",
      "expires_at": "2019-08-24T14:15:22Z",
      "is_current": true
    }
  ],
  "pagination": {
    "limit": 25,
    "offset": 0,
    "total": 0
  }
}
{
  "detail": [
    {
      "loc": [
        "string"
      ],
      "msg": "string",
      "type": "string"
    }
  ]
}

Revoke a pending invite

Returns `204 No Content` on success. `409 invite_already_accepted` if the invite has been accepted; `409 invite_already_revoked` if already revoked.

Mint a new taih-tenant-key for the caller's org

The raw `secret` is returned **exactly once** in this response — store it immediately. Subsequent `GET` reads return metadata only. For zero-downtime rotation of a single active key, prefer `POST /v1/auth/tenant-key/rotate` (Identity service); these CRUD endpoints support multi-key topologies (e.g. one key per backend service).