A venture self-manages through endpoints authenticated by its API key. Admins can manage any venture by id.

Your venture

# View
curl -H "X-API-Key: sk_live_…" http://localhost:8080/api/v1/me

# Rename and/or rotate the API key (old key stops working immediately)
curl -X PATCH http://localhost:8080/api/v1/me \
  -H "X-API-Key: sk_live_…" -H 'Content-Type: application/json' \
  -d '{"name":"New Name","rotate_api_key":true}'

When rotate_api_key is true, the response returns the new api_key once.

Webhook endpoints

A venture can register several endpoints; each has its own signing secret.

# Add — returns `secret` ONCE
curl -X POST http://localhost:8080/api/v1/webhook-endpoints \
  -H "X-API-Key: sk_live_…" -H 'Content-Type: application/json' \
  -d '{"url":"https://your-app.example/webhooks"}'

# List (secrets are never returned)
curl -H "X-API-Key: sk_live_…" http://localhost:8080/api/v1/webhook-endpoints

# Update URL / status, or rotate the secret (returns the new secret once)
curl -X PATCH http://localhost:8080/api/v1/webhook-endpoints/ENDPOINT_ID \
  -H "X-API-Key: sk_live_…" -H 'Content-Type: application/json' \
  -d '{"rotate_secret":true}'

# Remove
curl -X DELETE http://localhost:8080/api/v1/webhook-endpoints/ENDPOINT_ID \
  -H "X-API-Key: sk_live_…"

Set {"status":"DISABLED"} to pause an endpoint without deleting it. See Webhooks for the payload and signature format.
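
Both rotations above (rotate_api_key on /me and rotate_secret on a webhook endpoint) return the new value only once, and the old API key stops working immediately, so the response has to be captured and stored in the same step. The following is an added example, not part of this API's own code, that sends the PATCH and writes the returned value to an owner-only file. It assumes the JSON response carries the value as a top-level api_key or secret field; the function names, the VENTURE_API_KEY variable and the file names are hypothetical.

```python
import json
import os
import tempfile
import urllib.request

BASE = "http://localhost:8080/api/v1"  # base URL used in the curl examples above


def http_patch(path, api_key, body):
    """Send a JSON PATCH authenticated with X-API-Key; return the decoded body."""
    req = urllib.request.Request(
        BASE + path, data=json.dumps(body).encode(), method="PATCH",
        headers={"X-API-Key": api_key, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def save_secret(store_path, value):
    """Write value to a 0600 temp file, then atomically replace store_path."""
    directory = os.path.dirname(os.path.abspath(store_path))
    fd, tmp = tempfile.mkstemp(dir=directory)  # mkstemp creates the file 0600
    try:
        with os.fdopen(fd, "w") as f:
            f.write(value)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, store_path)
    except BaseException:
        os.unlink(tmp)
        raise


def rotate(path, body, field, current_key, store_path, send=http_patch):
    """Rotate a credential and persist the value the API returns only once."""
    resp = send(path, current_key, body)
    new_value = resp.get(field)  # assumption: top-level JSON field
    if not isinstance(new_value, str) or not new_value:
        raise RuntimeError(f"no {field!r} in rotation response; nothing stored")
    save_secret(store_path, new_value)
    return store_path  # return the path, not the secret, to keep it out of logs


if __name__ == "__main__":
    key = os.environ["VENTURE_API_KEY"]  # hypothetical variable name
    rotate("/me", {"rotate_api_key": True}, "api_key", key, "venture.key")
    # The old key is dead now; read the new one back for the next call.
    with open("venture.key") as f:
        key = f.read()
    rotate("/webhook-endpoints/ENDPOINT_ID", {"rotate_secret": True},
           "secret", key, "endpoint.secret")
```

The send parameter exists so the HTTP call can be replaced in tests; in normal use leave it at its default.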

Admin

Provisioning and cross-venture management are done by admins:
  • POST /api/v1/ventures — create a venture (returns its API key once).
  • PATCH /api/v1/ventures/{id} — update name/status or rotate the key.
  • POST|GET|PATCH|DELETE /api/v1/ventures/{id}/webhook-endpoints[/{endpoint_id}] — manage a venture’s endpoints.
Admin endpoints are intended for internal/operator use and should sit behind an admin guard before production.