Automation toolings

Developer routes are workspace-scoped and protected by bearer API key authentication.

API keys

Use API key routes to create and revoke workspace API credentials.

Endpoint	Purpose
`GET /v1/api-keys`	List workspace API keys.
`POST /v1/api-keys`	Create an API key.
`POST /v1/api-keys/{apiKeyId}/revoke`	Revoke an API key.

Create an API key with:

{
  "name": "Treasury automation",
  "scopes": ["wallets:read", "transfers:create"],
  "expires_at": "2026-12-31T23:59:59Z"
}

The token is returned only when the key is created. Store it securely. Available scopes:

Use webhook routes to receive signed workspace events.

Endpoint	Purpose
`GET /v1/webhooks`	List webhooks.
`POST /v1/webhooks`	Create a webhook.
`POST /v1/webhooks/{webhookId}/rotate-secret`	Rotate the signing secret.
`POST /v1/webhooks/{webhookId}/disable`	Disable a webhook.
`POST /v1/webhooks/{webhookId}/enable`	Enable a webhook.

Create a webhook with:

{
  "name": "Production events",
  "url": "https://example.com/onstacks/webhooks"
}

The signing secret is returned when you create or rotate the webhook.

Use GET /healthz for liveness and GET /readyz for readiness.

API key and webhook routes accept environment=sandbox or environment=live.

⌘I