Backend SDK keys allow your server-side application to log events to Brain on behalf of agents. Each key is scoped to a single project and carries an expiry. The raw key is returned only once in the creation response; after that only the prefix and metadata are stored. Treat the key like a password and store it in a secrets manager or environment variable.
The full SDK key (prefixed otas_...) is shown only in the creation response. It is hashed before storage and cannot be recovered. If you lose the key, revoke it and create a new one.
Only project Admins (privilege=1) can create SDK keys.

Request

Method: POST
URL: http://localhost:8000/api/project/v1/sdk/backend/key/create/
Authentication: X-OTAS-USER-TOKEN + X-OTAS-PROJECT-ID headers

Headers

X-OTAS-USER-TOKEN (string, required): Signed JWT for the authenticated user.
X-OTAS-PROJECT-ID (string, required): UUID of the project to create the SDK key for.

Body parameters

validity (integer, required): Number of days until the key expires. Must be between 1 and 300.

Response

status (integer, required): 1 on success, 0 on failure.
status_description (string, required): backend_sdk_key_created on success.
response_body (object)

Example

curl --request POST \
  --url http://localhost:8000/api/project/v1/sdk/backend/key/create/ \
  --header 'Content-Type: application/json' \
  --header 'X-OTAS-USER-TOKEN: <your-token>' \
  --header 'X-OTAS-PROJECT-ID: b2c3d4e5-f6a7-8901-bcde-f12345678901' \
  --data '{
    "validity": 90
  }'

{
  "status": 1,
  "status_description": "backend_sdk_key_created",
  "response_body": {
    "id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
    "prefix": "aBcDeFgH",
    "api_key": "otas_aBcDeFgH_vErYlOnGsEcReTvAlUeHeRe",
    "project_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
    "name": null,
    "created_at": "2026-04-16T10:00:00.000000+00:00",
    "expires_at": "2026-07-15T10:00:00.000000+00:00",
    "active": true
  }
}

Listing keys

To retrieve a list of all SDK keys for a project (without the raw secret), send:
curl --request GET \
  --url http://localhost:8000/api/project/v1/sdk/backend/key/list/ \
  --header 'X-OTAS-USER-TOKEN: <your-token>' \
  --header 'X-OTAS-PROJECT-ID: <project-id>'
The response includes id, prefix, name, created_at, expires_at, active, and revoked_at for each key. Requires Admin privilege.

Revoking a key

To revoke an SDK key immediately, send:
curl --request POST \
  --url http://localhost:8000/api/project/v1/sdk/backend/key/revoke/ \
  --header 'Content-Type: application/json' \
  --header 'X-OTAS-USER-TOKEN: <your-token>' \
  --header 'X-OTAS-PROJECT-ID: <project-id>' \
  --data '{ "sdk_key_id": "<key-uuid>" }'
On success the key’s active flag is set to false and revoked_at is recorded. Requires Admin privilege.
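
The following Python sketch is an added example, not part of the original documentation. It handles the one-time creation response so the raw key goes straight to an owner-only file and never into logs, then flags active keys that are close to expiry using the fields the list endpoint returns. The function names, the file path and the 14-day window are assumptions, as is treating the list result as a plain list of key objects.

```python
import json
import os
from datetime import datetime, timedelta

# Creation response copied from the example on this page (placeholder key value).
CREATE_RESPONSE = """{
  "status": 1,
  "status_description": "backend_sdk_key_created",
  "response_body": {
    "id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
    "prefix": "aBcDeFgH",
    "api_key": "otas_aBcDeFgH_vErYlOnGsEcReTvAlUeHeRe",
    "project_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
    "name": null,
    "created_at": "2026-04-16T10:00:00.000000+00:00",
    "expires_at": "2026-07-15T10:00:00.000000+00:00",
    "active": true
  }
}"""


def store_created_key(raw_response, secret_path):
    """Write the one-time api_key to an owner-only file; return loggable metadata."""
    doc = json.loads(raw_response)
    if doc.get("status") != 1:
        # status_description carries no secret, so it is safe to surface.
        raise RuntimeError("key creation failed: %s" % doc.get("status_description"))
    meta = dict(doc["response_body"])
    api_key = meta.pop("api_key")  # strip the secret before anything is logged
    # O_EXCL refuses to clobber an existing secret; 0o600 keeps it owner-only.
    fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(api_key)
    return meta


def keys_due_for_rotation(keys, now, window_days=14):
    """Return ids of active keys whose expires_at falls within window_days of now."""
    cutoff = now + timedelta(days=window_days)
    return [k["id"] for k in keys
            if k["active"] and datetime.fromisoformat(k["expires_at"]) <= cutoff]


if __name__ == "__main__":
    import tempfile
    path = os.path.join(tempfile.mkdtemp(), "otas_sdk_key")  # hypothetical location
    meta = store_created_key(CREATE_RESPONSE, path)
    print("stored key", meta["prefix"], "expires", meta["expires_at"])
    print("rotate:", keys_due_for_rotation([meta], datetime.fromisoformat("2026-07-05T00:00:00+00:00")))
```

In a real deployment the file write would be replaced by a call to your secrets manager; the point is that only the returned metadata (id, prefix, expiry) is ever logged.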

Error responses

| status_description | HTTP status | Cause |
| --- | --- | --- |
| missing_token | 400 | The X-OTAS-USER-TOKEN header was absent. |
| invalid_token | 401 | Token is invalid or expired. |
| missing_headers | 400 | X-OTAS-PROJECT-ID was absent or the user is not a member of the project. |
| sdk_key_creation_failed | 400 | validity field missing, out of range, or non-integer. |
| sdk_key_creation_failed | 500 | Unexpected server-side error during key generation. |
| forbidden | 403 | The authenticated user is not an Admin of the project. |
