client.apiKeys

client.apiKeys wraps /api/v1/org/api-keys/* — programmatic API-key management for the calling organization. Only Owners and Admins can call these endpoints. See the matching REST documentation at API keys and the scope catalogue at Authentication.

HTTP-level failures surface as EBonApiError — see SDK errors and the REST error reference.

client.apiKeys.list()

List all API keys.

async list(): Promise<ApiKey[]>

No parameters. Returns an array of ApiKey. Raw secrets are never returned by this endpoint — only by create.

const keys = await client.apiKeys.list();

client.apiKeys.create(body)

Create a new API key. Returns the raw key (shown only once).

async create(body: CreateApiKeyBody): Promise<CreateApiKeyResult>

Returns { key: ApiKey, rawKey: string }. The rawKey follows the ebon_live_<orgId>_<32-hex> format and is shown once.

const { key, rawKey } = await client.apiKeys.create({
  label: 'POS prod',
  scopes: ['receipts:write', 'devices:read'],
});
console.log(rawKey); // store it!

client.apiKeys.update(id, body)

Update an API key (label, active).

async update(id: string, body: UpdateApiKeyBody): Promise<ApiKey>

Returns the updated ApiKey.

await client.apiKeys.update('key_01HZ...', { active: false });

client.apiKeys.delete(id)

Delete an API key.

async delete(id: string): Promise<undefined>

Returns undefined on success. Subsequent requests with the deleted key fail 401 UNAUTHORIZED.

await client.apiKeys.delete('key_01HZ...');