Daytona API Keys API
Create, list, rotate, and revoke organization-scoped API keys used to authenticate requests against the Daytona platform. API keys are bearer tokens passed as Authorization headers and can be scoped by role and permissions.
OpenAPI Specification
openapi: 3.1.0
paths:
/api-keys:
post:
operationId: createApiKey
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateApiKey'
responses:
'201':
description: API key created successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiKeyResponse'
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: Create API key
tags:
- api-keys
get:
operationId: listApiKeys
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
responses:
'200':
description: API keys retrieved successfully.
content:
application/json:
schema:
type: array
items:
$ref: '#/components/schemas/ApiKeyList'
'500':
description: Error fetching API keys.
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: List API keys
tags:
- api-keys
/api-keys/current:
get:
operationId: getCurrentApiKey
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
responses:
'200':
description: API key retrieved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiKeyList'
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: Get current API key's details
tags:
- api-keys
/api-keys/{name}:
get:
operationId: getApiKey
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
- name: name
required: true
in: path
schema:
type: string
responses:
'200':
description: API key retrieved successfully.
content:
application/json:
schema:
$ref: '#/components/schemas/ApiKeyList'
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: Get API key
tags:
- api-keys
delete:
operationId: deleteApiKey
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
- name: name
required: true
in: path
schema:
type: string
responses:
'204':
description: API key deleted successfully.
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: Delete API key
tags:
- api-keys
/api-keys/{userId}/{name}:
delete:
operationId: deleteApiKeyForUser
parameters:
- name: X-Daytona-Organization-ID
in: header
description: Use with JWT to specify the organization ID
required: false
schema:
type: string
- name: userId
required: true
in: path
schema:
type: string
- name: name
required: true
in: path
schema:
type: string
responses:
'204':
description: API key deleted successfully.
security:
- bearer: []
- oauth2:
- openid
- profile
- email
summary: Delete API key for user
tags:
- api-keys
info:
title: Daytona Api Keys API
description: "Daytona Api Keys API \u2014 api-keys operations on the Daytona AI platform."
version: '1.0'
contact:
name: Daytona Platforms Inc.
url: https://www.daytona.io
email: support@daytona.com
license:
name: Apache-2.0
url: https://www.apache.org/licenses/LICENSE-2.0
tags: []
servers:
- url: https://app.daytona.io/api
description: Daytona Cloud production API
components:
securitySchemes:
bearer:
scheme: bearer
bearerFormat: JWT
type: http
description: API Key access
oauth2:
type: openIdConnect
openIdConnectUrl: http://localhost:3000/.well-known/openid-configuration
schemas:
Announcement:
type: object
properties:
text:
type: string
description: The announcement text
example: New feature available!
learnMoreUrl:
type: string
description: URL to learn more about the announcement
example: https://example.com/learn-more
required:
- text
PosthogConfig:
type: object
properties:
apiKey:
type: string
description: PostHog API key
example: phc_abc123
host:
type: string
description: PostHog host URL
example: https://app.posthog.com
required:
- apiKey
- host
OidcConfig:
type: object
properties:
issuer:
type: string
description: OIDC issuer
example: https://auth.example.com
clientId:
type: string
description: OIDC client ID
example: daytona-client
audience:
type: string
description: OIDC audience
example: daytona-api
required:
- issuer
- clientId
- audience
RateLimitEntry:
type: object
properties:
ttl:
type: number
description: Rate limit TTL in seconds
example: 60
limit:
type: number
description: Rate limit max requests
example: 100
RateLimitConfig:
type: object
properties:
failedAuth:
description: Failed authentication rate limit
allOf:
- $ref: '#/components/schemas/RateLimitEntry'
authenticated:
description: Authenticated rate limit
allOf:
- $ref: '#/components/schemas/RateLimitEntry'
sandboxCreate:
description: Sandbox create rate limit
allOf:
- $ref: '#/components/schemas/RateLimitEntry'
sandboxLifecycle:
description: Sandbox lifecycle rate limit
allOf:
- $ref: '#/components/schemas/RateLimitEntry'
DaytonaConfiguration:
type: object
properties:
version:
type: string
description: Daytona version
example: 0.0.1
posthog:
description: PostHog configuration
allOf:
- $ref: '#/components/schemas/PosthogConfig'
oidc:
description: OIDC configuration
allOf:
- $ref: '#/components/schemas/OidcConfig'
linkedAccountsEnabled:
type: boolean
description: Whether linked accounts are enabled
example: true
announcements:
type: object
description: System announcements
additionalProperties:
$ref: '#/components/schemas/Announcement'
example:
feature-update:
text: New feature available!
learnMoreUrl: https://example.com
pylonAppId:
type: string
description: Pylon application ID
example: pylon-app-123
proxyTemplateUrl:
type: string
description: Proxy template URL
example: https://{{PORT}}-{{sandboxId}}.proxy.example.com
proxyToolboxUrl:
type: string
description: Toolbox template URL
example: https://proxy.example.com/toolbox
defaultSnapshot:
type: string
description: Default snapshot for sandboxes
example: ubuntu:22.04
dashboardUrl:
type: string
description: Dashboard URL
example: https://dashboard.example.com
maxAutoArchiveInterval:
type: number
description: Maximum auto-archive interval in minutes
example: 43200
maintananceMode:
type: boolean
description: Whether maintenance mode is enabled
example: false
environment:
type: string
description: Current environment
example: production
billingApiUrl:
type: string
description: Billing API URL
example: https://billing.example.com
analyticsApiUrl:
type: string
description: Analytics API URL
example: https://analytics.example.com
sshGatewayCommand:
type: string
description: SSH Gateway command
example: ssh -p 2222 {{TOKEN}}@localhost
sshGatewayPublicKey:
type: string
description: Base64 encoded SSH Gateway public key
example: ssh-gateway-public-key
rateLimit:
description: Rate limit configuration
allOf:
- $ref: '#/components/schemas/RateLimitConfig'
required:
- version
- oidc
- linkedAccountsEnabled
- announcements
- proxyTemplateUrl
- proxyToolboxUrl
- defaultSnapshot
- dashboardUrl
- maxAutoArchiveInterval
- maintananceMode
- environment
CreateApiKey:
type: object
properties:
name:
type: string
description: The name of the API key
example: My API Key
permissions:
type: array
description: The list of organization resource permissions explicitly assigned to the API key
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
expiresAt:
format: date-time
type: string
description: When the API key expires
example: '2025-06-09T12:00:00.000Z'
nullable: true
required:
- name
- permissions
ApiKeyResponse:
type: object
properties:
name:
type: string
description: The name of the API key
example: My API Key
value:
type: string
description: The API key value
example: bb_sk_1234567890abcdef
createdAt:
format: date-time
type: string
description: When the API key was created
example: '2024-03-14T12:00:00.000Z'
permissions:
type: array
description: The list of organization resource permissions assigned to the API key
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
expiresAt:
format: date-time
type: string
description: When the API key expires
example: '2025-06-09T12:00:00.000Z'
nullable: true
required:
- name
- value
- createdAt
- permissions
- expiresAt
ApiKeyList:
type: object
properties:
name:
type: string
description: The name of the API key
example: My API Key
value:
type: string
description: The masked API key value
example: bb_********************def
createdAt:
format: date-time
type: string
description: When the API key was created
example: '2024-03-14T12:00:00.000Z'
permissions:
type: array
description: The list of organization resource permissions assigned to the API key
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
lastUsedAt:
format: date-time
type: string
description: When the API key was last used
example: '2024-03-14T12:00:00.000Z'
nullable: true
expiresAt:
format: date-time
type: string
description: When the API key expires
example: '2024-03-14T12:00:00.000Z'
nullable: true
userId:
type: string
description: The user ID of the user who created the API key
example: '123'
required:
- name
- value
- createdAt
- permissions
- lastUsedAt
- expiresAt
- userId
OrganizationRole:
type: object
properties:
id:
type: string
description: Role ID
name:
type: string
description: Role name
description:
type: string
description: Role description
permissions:
type: array
description: Roles assigned to the user
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
isGlobal:
type: boolean
description: Global role flag
createdAt:
format: date-time
type: string
description: Creation timestamp
updatedAt:
format: date-time
type: string
description: Last update timestamp
required:
- id
- name
- description
- permissions
- isGlobal
- createdAt
- updatedAt
OrganizationInvitation:
type: object
properties:
id:
type: string
description: Invitation ID
email:
type: string
description: Email address of the invitee
invitedBy:
type: string
description: Email address of the inviter
organizationId:
type: string
description: Organization ID
organizationName:
type: string
description: Organization name
expiresAt:
format: date-time
type: string
description: Expiration date of the invitation
status:
type: string
description: Invitation status
enum:
- pending
- accepted
- declined
- cancelled
role:
type: string
description: Member role
enum:
- owner
- member
assignedRoles:
description: Assigned roles
type: array
items:
$ref: '#/components/schemas/OrganizationRole'
createdAt:
format: date-time
type: string
description: Creation timestamp
updatedAt:
format: date-time
type: string
description: Last update timestamp
required:
- id
- email
- invitedBy
- organizationId
- organizationName
- expiresAt
- status
- role
- assignedRoles
- createdAt
- updatedAt
CreateOrganization:
type: object
properties:
name:
type: string
description: The name of organization
example: My Organization
defaultRegionId:
type: string
description: The ID of the default region for the organization
example: us
required:
- name
- defaultRegionId
OtelConfig:
type: object
properties:
endpoint:
type: string
description: Endpoint
headers:
type: object
description: Headers
example:
x-api-key: my-api-key
nullable: true
additionalProperties:
type: string
required:
- endpoint
Organization:
type: object
properties:
id:
type: string
description: Organization ID
name:
type: string
description: Organization name
createdBy:
type: string
description: User ID of the organization creator
personal:
type: boolean
description: Personal organization flag
createdAt:
format: date-time
type: string
description: Creation timestamp
updatedAt:
format: date-time
type: string
description: Last update timestamp
suspended:
type: boolean
description: Suspended flag
suspendedAt:
format: date-time
type: string
description: Suspended at
suspensionReason:
type: string
description: Suspended reason
suspendedUntil:
format: date-time
type: string
description: Suspended until
suspensionCleanupGracePeriodHours:
type: number
description: Suspension cleanup grace period hours
maxCpuPerSandbox:
type: number
description: Max CPU per sandbox
maxMemoryPerSandbox:
type: number
description: Max memory per sandbox
maxDiskPerSandbox:
type: number
description: Max disk per sandbox
snapshotDeactivationTimeoutMinutes:
type: number
description: Time in minutes before an unused snapshot is deactivated
default: 20160
sandboxLimitedNetworkEgress:
type: boolean
description: Sandbox default network block all
defaultRegionId:
type: string
description: Default region ID
authenticatedRateLimit:
type: number
description: Authenticated rate limit per minute
nullable: true
sandboxCreateRateLimit:
type: number
description: Sandbox create rate limit per minute
nullable: true
sandboxLifecycleRateLimit:
type: number
description: Sandbox lifecycle rate limit per minute
nullable: true
experimentalConfig:
type: object
description: Experimental configuration
otelConfig:
description: OpenTelemetry collection configuration
nullable: true
allOf:
- $ref: '#/components/schemas/OtelConfig'
authenticatedRateLimitTtlSeconds:
type: number
description: Authenticated rate limit TTL in seconds
nullable: true
sandboxCreateRateLimitTtlSeconds:
type: number
description: Sandbox create rate limit TTL in seconds
nullable: true
sandboxLifecycleRateLimitTtlSeconds:
type: number
description: Sandbox lifecycle rate limit TTL in seconds
nullable: true
required:
- id
- name
- createdBy
- personal
- createdAt
- updatedAt
- suspended
- suspendedAt
- suspensionReason
- suspendedUntil
- suspensionCleanupGracePeriodHours
- maxCpuPerSandbox
- maxMemoryPerSandbox
- maxDiskPerSandbox
- snapshotDeactivationTimeoutMinutes
- sandboxLimitedNetworkEgress
- authenticatedRateLimit
- sandboxCreateRateLimit
- sandboxLifecycleRateLimit
- experimentalConfig
- otelConfig
- authenticatedRateLimitTtlSeconds
- sandboxCreateRateLimitTtlSeconds
- sandboxLifecycleRateLimitTtlSeconds
UpdateOrganizationDefaultRegion:
type: object
properties:
defaultRegionId:
type: string
description: The ID of the default region for the organization
example: us
required:
- defaultRegionId
RegionUsageOverview:
type: object
properties:
regionId:
type: string
totalCpuQuota:
type: number
currentCpuUsage:
type: number
totalMemoryQuota:
type: number
currentMemoryUsage:
type: number
totalDiskQuota:
type: number
currentDiskUsage:
type: number
maxCpuPerSandbox:
type: number
nullable: true
maxMemoryPerSandbox:
type: number
nullable: true
maxDiskPerSandbox:
type: number
nullable: true
maxDiskPerNonEphemeralSandbox:
type: number
nullable: true
required:
- regionId
- totalCpuQuota
- currentCpuUsage
- totalMemoryQuota
- currentMemoryUsage
- totalDiskQuota
- currentDiskUsage
- maxCpuPerSandbox
- maxMemoryPerSandbox
- maxDiskPerSandbox
- maxDiskPerNonEphemeralSandbox
OrganizationUsageOverview:
type: object
properties:
regionUsage:
type: array
items:
$ref: '#/components/schemas/RegionUsageOverview'
totalSnapshotQuota:
type: number
currentSnapshotUsage:
type: number
totalVolumeQuota:
type: number
currentVolumeUsage:
type: number
required:
- regionUsage
- totalSnapshotQuota
- currentSnapshotUsage
- totalVolumeQuota
- currentVolumeUsage
UpdateOrganizationQuota:
type: object
properties:
maxCpuPerSandbox:
type: number
nullable: true
maxMemoryPerSandbox:
type: number
nullable: true
maxDiskPerSandbox:
type: number
nullable: true
snapshotQuota:
type: number
nullable: true
maxSnapshotSize:
type: number
nullable: true
volumeQuota:
type: number
nullable: true
authenticatedRateLimit:
type: number
nullable: true
sandboxCreateRateLimit:
type: number
nullable: true
sandboxLifecycleRateLimit:
type: number
nullable: true
authenticatedRateLimitTtlSeconds:
type: number
nullable: true
sandboxCreateRateLimitTtlSeconds:
type: number
nullable: true
sandboxLifecycleRateLimitTtlSeconds:
type: number
nullable: true
snapshotDeactivationTimeoutMinutes:
type: number
nullable: true
description: Time in minutes before an unused snapshot is deactivated
required:
- maxCpuPerSandbox
- maxMemoryPerSandbox
- maxDiskPerSandbox
- snapshotQuota
- maxSnapshotSize
- volumeQuota
- authenticatedRateLimit
- sandboxCreateRateLimit
- sandboxLifecycleRateLimit
- authenticatedRateLimitTtlSeconds
- sandboxCreateRateLimitTtlSeconds
- sandboxLifecycleRateLimitTtlSeconds
- snapshotDeactivationTimeoutMinutes
UpdateOrganizationRegionQuota:
type: object
properties:
totalCpuQuota:
type: number
nullable: true
totalMemoryQuota:
type: number
nullable: true
totalDiskQuota:
type: number
nullable: true
maxCpuPerSandbox:
type: number
nullable: true
maxMemoryPerSandbox:
type: number
nullable: true
maxDiskPerSandbox:
type: number
nullable: true
maxDiskPerNonEphemeralSandbox:
type: number
nullable: true
required:
- totalCpuQuota
- totalMemoryQuota
- totalDiskQuota
OrganizationSuspension:
type: object
properties:
reason:
type: string
description: Suspension reason
until:
format: date-time
type: string
description: Suspension until
suspensionCleanupGracePeriodHours:
type: number
description: Suspension cleanup grace period hours
minimum: 0
required:
- reason
- until
OrganizationSandboxDefaultLimitedNetworkEgress:
type: object
properties:
sandboxDefaultLimitedNetworkEgress:
type: boolean
description: Sandbox default limited network egress
required:
- sandboxDefaultLimitedNetworkEgress
CreateOrganizationRole:
type: object
properties:
name:
type: string
description: The name of the role
example: Maintainer
description:
type: string
description: The description of the role
example: Can manage all resources
permissions:
type: array
description: The list of permissions assigned to the role
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
required:
- name
- description
- permissions
UpdateOrganizationRole:
type: object
properties:
name:
type: string
description: The name of the role
example: Maintainer
description:
type: string
description: The description of the role
example: Can manage all resources
permissions:
type: array
description: The list of permissions assigned to the role
items:
type: string
enum:
- write:registries
- delete:registries
- write:snapshots
- delete:snapshots
- write:sandboxes
- delete:sandboxes
- read:volumes
- write:volumes
- delete:volumes
- write:regions
- delete:regions
- read:runners
- write:runners
- delete:runners
- read:audit_logs
required:
- name
- description
- permissions
OrganizationUser:
type: object
properties:
userId:
type: string
description: User ID
organizationId:
type: string
description: Organization ID
name:
type: string
description: User name
email:
type: string
description: User email
role:
type: string
description: Member role
enum:
- owner
- member
assignedRoles:
description: Roles assigned to the user
type: array
items:
$ref: '#/components/schemas/OrganizationRole'
createdAt:
format: date-time
type: string
description: Creation timestamp
updatedAt:
format: date-time
type: string
description: Last update timestamp
required:
- userId
- organizationId
- name
- email
- role
- assignedRoles
- createdAt
- updatedAt
UpdateOrganizationMemberAccess:
type: object
properties:
role:
type: string
description: Organization member role
enum:
- owner
- member
default: member
assignedRoleIds:
description: Array of assigned role IDs
default:
- 00000000-0000-0000-0000-000000000001
type: array
items:
type: string
required:
- role
- assignedRoleIds
CreateOrganizationInvitation:
type: object
properties:
email:
type: string
description: Email address of the invitee
example: mail@example.com
role:
type: string
description: Organization member role for the invitee
enum:
- owner
- member
default: member
assignedRoleIds:
description: Array of assigned role IDs for the invitee
default:
- 00000000-0000-0000-0000-000000000001
type: array
items:
type: string
expiresAt:
format: date-time
type: string
description: Expiration date of the invitation
example: '2021-12-31T23:59:59Z'
required:
- email
- role
- assignedRoleIds
UpdateOrganizationInvitation:
type: object
properties:
role:
type: string
description: Organization member role
enum:
- owner
- member
assignedRoleIds:
description: Array of role IDs
type: array
items:
type: string
expiresAt:
format: date-time
type: string
description: Expiration date of the invitation
example: '2021-12-31T23:59:59Z'
required:
- role
- assignedRoleIds
RegionType:
type: string
enum:
- shared
- dedicated
- custom
description: The type of the region
Region:
type: object
properties:
id:
type: string
description: Region ID
example: '123456789012'
name:
type: string
description: Region name
example: us-east-1
organizationId:
type: string
description: Organization ID
example: 123e4567-e89b-12d3-a456-426614174000
nullable: true
regionType:
description: The type of the region
example: shared
allOf:
- $ref: '#/components/schemas/RegionType'
createdAt:
type: string
description: Creation timestamp
example: '2023-01-01T00:00:00.000Z'
updatedAt:
type: string
description: Last update timestamp
example: '2023-01-01T00:00:00.000Z'
proxyUrl:
type: string
description: Proxy URL for the region
example: https://proxy.example.com
nullable: true
sshGatewayUrl:
type: string
description: SSH Gateway URL for the region
example: http://ssh-gateway.example.com
nullable: true
snapshotManagerUrl:
type: string
description: Snapshot Manager URL for the region
example: http://snapshot-manager.example.com
nullable: true
required:
- id
- name
- regionType
- createdAt
- updatedAt
CreateRegion:
# --- truncated at 32 KB (135 KB total) ---
# Full source: https://raw.githubusercontent.com/api-evangelist/daytona-io/refs/heads/main/openapi/daytona-api-keys-api-openapi.yml