API Keys

API keys authenticate your requests to api.withgiga.ai. Keys begin with giga_sk_ followed by 32 hex characters. They are workspace-scoped and rotatable without downtime.
API keys are shown in full only once at creation. Store them securely — in an environment variable or secrets manager, never in source control.

Create a key

POST /api/keys Body 
{
  "name": "Production backend"
}
FieldTypeDescription
namestringA label to identify this key
Response (201) 
{
  "success": true,
  "data": {
    "key": {
      "id": "key_abc123",
      "name": "Production backend",
      "secret": "giga_sk_a1b2c3d4e5f6...",
      "createdAt": "2024-03-16T12:00:00.000Z"
    }
  }
}
The secret field is returned only on creation. You cannot retrieve it again — if lost, revoke the key and create a new one.

List keys

GET /api/keys Response (200) 
{
  "success": true,
  "data": {
    "keys": [
      {
        "id": "key_abc123",
        "name": "Production backend",
        "lastUsedAt": "2024-03-16T12:00:00.000Z",
        "createdAt": "2024-03-16T12:00:00.000Z"
      }
    ]
  }
}
Note that secret is not returned in list responses — only metadata.

Revoke a key

Immediately invalidates the key. Any in-flight requests using this key will fail. DELETE /api/keys/{id} Response (200) 
{
  "success": true,
  "message": "API key revoked"
}

Key rotation

To rotate a key with zero downtime:
  1. Create a new key via POST /api/keys
  2. Update your application to use the new key
  3. Verify the new key is working
  4. Revoke the old key via DELETE /api/keys/{id}