Developer API Keys
Create and manage API keys for programmatic access to Travelmode.
List API Keys
Get all API keys for the current user.
Endpoint: GET /api/developer/keys
Response:
[
{
"id": 1,
"name": "Production App",
"keyPrefix": "tm_abc...",
"scopes": ["read", "write"],
"createdAt": "2024-01-15T10:00:00Z",
"lastUsedAt": "2024-01-20T14:30:00Z",
"expiresAt": null
}
]
Note: Full key values are only shown once at creation.
Create API Key
Create a new API key.
Endpoint: POST /api/developer/keys
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Key name for identification |
scopes | array | Yes | Permissions: read, write, delete |
expiresAt | string | No | Expiration date (ISO 8601) |
curl -X POST "https://travelmode2.replit.app/api/developer/keys" \
-H "Authorization: Bearer tm_existing_key" \
-H "Content-Type: application/json" \
-d '{
"name": "My New App",
"scopes": ["read", "write"]
}'
Response:
{
"id": 2,
"name": "My New App",
"key": "tm_abc123def456...",
"scopes": ["read", "write"],
"createdAt": "2024-01-21T10:00:00Z"
}
Important: The full key value is only returned once. Store it securely!
Revoke API Key
Revoke an API key immediately.
Endpoint: DELETE /api/developer/keys/{keyId}
curl -X DELETE "https://travelmode2.replit.app/api/developer/keys/2" \
-H "Authorization: Bearer tm_your_api_key"
Response: 204 No Content
Key Security Best Practices
- Never commit keys to version control
- Use environment variables to store keys
- Set expiration dates for temporary access
- Use minimum required scopes for each application
- Rotate keys periodically for enhanced security
- Revoke immediately if a key is compromised
Key Prefixes
All Travelmode API keys start with tm_ prefix for easy identification.