Backend SDK keys allow your server-side application to log events to Brain on behalf of agents. Each key is scoped to a single project and carries an expiry. The raw key is returned only once in the creation response; after that only the prefix and metadata are stored. Treat the key like a password and store it in a secrets manager or environment variable.
The full SDK key (prefixed otas_...) is shown only in the creation response. It is hashed before storage and cannot be recovered. If you lose the key, revoke it and create a new one.
Only project Admins (privilege=1) can create SDK keys.
Request
Method: POST
URL: http://localhost:8000/api/project/v1/sdk/backend/key/create/
Authentication: X-OTAS-USER-TOKEN + X-OTAS-PROJECT-ID headers
X-OTAS-USER-TOKEN: Signed JWT for the authenticated user.
X-OTAS-PROJECT-ID: UUID of the project to create the SDK key for.
Body parameters
validity: Number of days until the key expires. Must be between 1 and 300.
Response
status: 1 on success, 0 on failure.
status_description: backend_sdk_key_created on success.
response_body.id: UUID of the created key record.
response_body.prefix: Short public identifier for the key (e.g. aBcDeFgH). Safe to log and display.
response_body.api_key: The full SDK key in the format otas_<prefix>_<secret>. Shown once only; store it immediately.
response_body.project_id: UUID of the project this key belongs to.
response_body.name: Optional name for the key, or null if not set.
response_body.created_at: ISO 8601 timestamp of key creation.
response_body.expires_at: ISO 8601 timestamp when the key expires.
response_body.active: true immediately after creation.
Example
curl --request POST \
--url http://localhost:8000/api/project/v1/sdk/backend/key/create/ \
--header 'Content-Type: application/json' \
--header 'X-OTAS-USER-TOKEN: <your-token>' \
--header 'X-OTAS-PROJECT-ID: b2c3d4e5-f6a7-8901-bcde-f12345678901' \
--data '{
"validity": 90
}'
{
  "status": 1,
  "status_description": "backend_sdk_key_created",
  "response_body": {
    "id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
    "prefix": "aBcDeFgH",
    "api_key": "otas_aBcDeFgH_vErYlOnGsEcReTvAlUeHeRe",
    "project_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
    "name": null,
    "created_at": "2026-04-16T10:00:00.000000+00:00",
    "expires_at": "2026-07-15T10:00:00.000000+00:00",
    "active": true
  }
}
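One way to handle the creation response so that only the prefix and metadata reach logs while the raw key goes straight to a secrets store. This is an added example, not code from the original page or from the OTAS SDK; the helper names redact_sdk_keys and log_safe_record are hypothetical, and the key character set is an assumption taken from the sample key.

```python
import re
from datetime import datetime, timezone

# Assumption: the prefix is alphanumeric and the secret is URL-safe text, as in
# the page's sample key; the page does not specify the character set.
KEY_RE = re.compile(r"\botas_([A-Za-z0-9]+)_[A-Za-z0-9_-]+")

# Constructed sample: the creation response shown in the example above.
SAMPLE_RESPONSE = {
    "status": 1,
    "status_description": "backend_sdk_key_created",
    "response_body": {
        "id": "c3d4e5f6-a7b8-9012-cdef-123456789012",
        "prefix": "aBcDeFgH",
        "api_key": "otas_aBcDeFgH_vErYlOnGsEcReTvAlUeHeRe",
        "project_id": "b2c3d4e5-f6a7-8901-bcde-f12345678901",
        "name": None,
        "created_at": "2026-04-16T10:00:00.000000+00:00",
        "expires_at": "2026-07-15T10:00:00.000000+00:00",
        "active": True,
    },
}

def redact_sdk_keys(text):
    """Mask the secret of every otas_<prefix>_<secret> key, keeping the prefix."""
    return KEY_RE.sub(lambda m: f"otas_{m.group(1)}_[REDACTED]", text)

def log_safe_record(response, now=None):
    """Return loggable metadata from a creation response, never the raw key."""
    if response.get("status") != 1:
        raise ValueError(f"key creation failed: {response.get('status_description')}")
    body = response["response_body"]
    parts = body["api_key"].split("_", 2)
    if len(parts) != 3 or parts[0] != "otas" or parts[1] != body["prefix"]:
        raise ValueError("api_key does not match otas_<prefix>_<secret>")
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromisoformat(body["expires_at"])
    return {
        "id": body["id"],
        "prefix": body["prefix"],
        "project_id": body["project_id"],
        "expires_at": body["expires_at"],
        "days_left": (expires - now).days,  # drives rotation reminders
    }

if __name__ == "__main__":
    print(log_safe_record(SAMPLE_RESPONSE))
    print(redact_sdk_keys(f"loaded {SAMPLE_RESPONSE['response_body']['api_key']}"))
```

Run redact_sdk_keys over any request or response dump before it is written to a log, and alert on days_left to rotate the key before it expires.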
Listing keys
To retrieve a list of all SDK keys for a project (without the raw secret), send:
curl --request GET \
--url http://localhost:8000/api/project/v1/sdk/backend/key/list/ \
--header 'X-OTAS-USER-TOKEN: <your-token>' \
--header 'X-OTAS-PROJECT-ID: <project-id>'
The response includes id, prefix, name, created_at, expires_at, active, and revoked_at for each key. Requires Admin privilege.
Revoking a key
To revoke an SDK key immediately, send:
curl --request POST \
--url http://localhost:8000/api/project/v1/sdk/backend/key/revoke/ \
--header 'Content-Type: application/json' \
--header 'X-OTAS-USER-TOKEN: <your-token>' \
--header 'X-OTAS-PROJECT-ID: <project-id>' \
--data '{ "sdk_key_id": "<key-uuid>" }'
On success the key’s active flag is set to false and revoked_at is recorded. Requires Admin privilege.
Error responses
status_description (HTTP status): Cause
missing_token (400): The X-OTAS-USER-TOKEN header was absent.
invalid_token (401): Token is invalid or expired.
missing_headers (400): X-OTAS-PROJECT-ID was absent or the user is not a member of the project.
sdk_key_creation_failed (400): validity field missing, out of range, or non-integer.
sdk_key_creation_failed (500): Unexpected server-side error during key generation.
forbidden (403): The authenticated user is not an Admin of the project.