docs: add developer and api reference tabs (#190)

* docs: add developer and api reference tabs * fix: remove duplicate image
2026-06-07 07:55:16 +02:00 · 2026-03-14 16:30:02 +05:30 · 2026-03-14 16:30:02 +05:30 · f075bcb623
commit f075bcb623
parent 1b03191cf8
57 changed files with 1609 additions and 57 deletions
--- a/docs/api-reference/api-keys.mdx
+++ b/docs/api-reference/api-keys.mdx
@ -0,0 +1,21 @@
+---
+title: "Overview"
+description: "Create and manage API keys for programmatic access"
+---
+
+API keys authenticate requests from your applications and services. Each key is scoped to your organization — all API calls made with a key create and access resources within that organization.
+
+| Method | Endpoint | Quick Link |
+|---|---|---|
+| `POST` | `/user/api-keys` | [Create an API key](/api-reference/api-keys/create) |
+| `GET` | `/user/api-keys` | [List API keys](/api-reference/api-keys/list) |
+| `DELETE` | `/user/api-keys/{api_key_id}` | [Archive an API key](/api-reference/api-keys/archive) |
+| `PUT` | `/user/api-keys/{api_key_id}/reactivate` | [Reactivate an API key](/api-reference/api-keys/reactivate) |
+
+## Best practices
+
+- **Use one key per environment** — separate keys for development, staging, and production make rotation easy and limit blast radius if a key is compromised.
+- **Use one key per service** — this allows you to revoke a single service's access without affecting others.
+- **Rotate keys regularly** — create a new key, update your secret store, then archive the old key.
+- **Never hardcode keys** — use environment variables or a secrets manager. Never commit keys to version control.
+- **Monitor `last_used_at`** — keys with no recent activity may be safe to archive.