Back to Docs
Recipe

API Keys Management Page

A secure, user-facing dashboard for generating, viewing, and revoking API keys with role-based access controls.

Overview

This recipe delivers a production-ready API keys management interface. Users can create scoped keys, copy them once at creation time, monitor last-used timestamps, and revoke compromised keys instantly. All keys are stored hashed; the plaintext secret is shown exactly once.

UX Flow

1

Generate

Name + scope → one-time reveal

2

Monitor

Last-used, created date, status badge

3

Revoke

One-click revoke with confirmation

Key Components

  • KeyTable — sortable rows with masked keys, status pills, and action menus
  • CreateKeyDialog — modal with scope checkboxes, name input, and one-time copy button
  • RevokeConfirm — inline alert with type-to-confirm for destructive action
  • EmptyState — illustration and CTA when no keys exist

Security Notes

Keys are SHA-256 hashed before storage. The plaintext secret is returned only in the creation response and never stored. All endpoints require session authentication and CSRF tokens. Rate-limit key creation to 10 per hour per user.

Related Recipes

API Key Auth MiddlewareRate LimitingAudit Log Dashboard