Admin API Overview

The Admin API provides endpoints for provisioning API keys, listing them, revoking them, and querying usage statistics.

Danger

Admin endpoints grant full control over all API keys. Never expose the admin key in client-side code, logs, screenshots, or chat. Rotate immediately if compromised.

Base URL

https://api.bve.me

Authentication

All admin routes require the admin API key in the Authorization header:

Authorization: Bearer admin_bve_YOUR_ADMIN_KEY

The admin key is the ADMIN_API_KEY secret set on the Cloudflare Worker. It is separate from client API keys (sk-bve-...) and does not follow that format.

Admin endpoints

Method	Path	Description
POST	/admin/api-keys	Create a new API key
GET	/admin/api-keys	List all API keys
POST	/admin/api-keys/:id/revoke	Revoke an API key
GET	/admin/usage	Get usage statistics

Error format

Admin endpoints use the same error envelope as the public API:

{
  "error": {
    "message": "Invalid admin API key",
    "type": "invalid_request_error",
    "code": "invalid_api_key"
  }
}

See Errors for a full reference.