Skip to main content

Documentation Index

Fetch the complete documentation index at: https://orbit-docs.devotel.io/llms.txt

Use this file to discover all available pages before exploring further.

Settings API

Workspace settings, API keys, and team membership Base path: /api/v1/settings Endpoint count: 1

Create an API key

POST /api/v1/settings/api-keys
Mint a new tenant API key. The key value is returned ONLY on this response (Cache-Control: no-store) — store it immediately. mode: 'test' activates sandbox-mode (no real provider hits, no billing). Optional per-key allowed_ips enforces an IP allowlist at auth time.
name
string
required
Human-readable label shown in the dashboard. Not used for authentication.
type
string (enum: secret|public)
secret = server-only dv_*_sk_* key; public = browser-safe pk_* key for the embed SDK.
scopes
string[]
API key permission scopes (e.g. messages:write). At least one scope is required for keys minted after 2026-08-01; empty-scope keys are deprecated and treated as least-privilege (viewer) / will be rejected after the grandfather deadline.
mode
string (enum: live|test)
test keys never deliver messages and never bill; useful for CI/staging.
expiresIn
string (enum: never|30d|90d|1y)
allowed_ips
string[]
Optional IP/CIDR allowlist. Auth middleware rejects requests from a non-allowlisted source.
cURL
curl -X POST "https://api.orbit.devotel.io/api/v1/settings/api-keys" \
  -H "X-API-Key: dv_live_sk_your_key_here" \
  -H "Content-Type: application/json" \
  -d '{
  "name": "string"
}'
Node.js
import { Orbit } from '@devotel/orbit-sdk'

const orbit = new Orbit({
  apiKey: process.env.ORBIT_API_KEY!,
})

const res = await fetch('https://api.orbit.devotel.io/api/v1/settings/api-keys', {
  method: 'POST',
  headers: {
    'X-API-Key': process.env.ORBIT_API_KEY!,
    'Content-Type': 'application/json',
  },
  body: JSON.stringify({
  "name": "string"
}),
})
console.log(await res.json())
Python
import os, requests

headers = {"X-API-Key": os.environ["ORBIT_API_KEY"]}
headers["Content-Type"] = "application/json"
r = requests.post("https://api.orbit.devotel.io/api/v1/settings/api-keys", headers=headers, json={
  "name": "string"
})
print(r.json())
Go
package main

import (
	"bytes"
	"net/http"
	"os"
)

func main() {
	req, _ := http.NewRequest("POST", "https://api.orbit.devotel.io/api/v1/settings/api-keys", bytes.NewBuffer([]byte(`{
  "name": "string"
}`)))
	req.Header.Set("X-API-Key", os.Getenv("ORBIT_API_KEY"))
	req.Header.Set("Content-Type", "application/json")
	http.DefaultClient.Do(req)
}
Ruby
require 'net/http'
require 'json'

uri = URI('https://api.orbit.devotel.io/api/v1/settings/api-keys')
req = Net::HTTP::Post.new(uri)
req['X-API-Key'] = ENV['ORBIT_API_KEY']
req['Content-Type'] = 'application/json'
req.body = {
  "name": "string"
}.to_json
res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
puts res.body
PHP
<?php
$ch = curl_init('https://api.orbit.devotel.io/api/v1/settings/api-keys');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'POST');
curl_setopt($ch, CURLOPT_HTTPHEADER, [
  'X-API-Key: ' . getenv('ORBIT_API_KEY'),
  'Content-Type: application/json',
]);
curl_setopt($ch, CURLOPT_POSTFIELDS, <<<JSON
{
  "name": "string"
}
JSON);
echo curl_exec($ch);