API Keys

Rotate an API key with a zero-downtime overlap window

Issue a replacement key with the same label, tier, and permissions as the original, and schedule the original to expire in 24h so a running bot can swap keys without any downtime.

The new raw key is returned once in this response — store it immediately. The old key keeps authenticating until its overlap window closes, then auto-expires (401 KEY_EXPIRED).

The replacement counts against your per-account key limit while the old key is still in its overlap window.

POST

keys

{key_id}

rotate

Rotate an API key with a zero-downtime overlap window

curl --request POST \
  --url https://api.polysimulator.com/v1/keys/{key_id}/rotate \
  --header 'X-API-Key: <api-key>'

{
  "id": 123,
  "raw_key": "<string>",
  "key_prefix": "<string>",
  "rate_limit_tier": "<string>",
  "permissions": [
    "<string>"
  ],
  "created_at": "<string>",
  "name": "<string>"
}

Authorizations

X-API-Key

string

header

required

Issue from /v1/keys (or admin-issued for enterprise tier).

Headers

authorization

string | null

X-API-Key

string | null

POLY_API_KEY

string | null

Poly-API-Key

string | null

Path Parameters

key_id

integer

required

Response

Successful Response

Returned once on creation — the raw key is NOT stored.

integer

required

raw_key

string

required

key_prefix

string

required

rate_limit_tier

string

required

permissions

string[]

required

created_at

string

required

name

string | null

List TiersList all available rate limit tiers. Public read — no authentication required. The tier ladder (rps / rpm / WS conns / batch size) is the documented "authoritative public source" for clients sizing their request cadence, so it must be reachable keyless (PM keeps tier/limit metadata public). The body reads only the ``ApiRateLimit`` rows; it carries no user-scoped data.

Rotate an API key with a zero-downtime overlap window

curl --request POST \
  --url https://api.polysimulator.com/v1/keys/{key_id}/rotate \
  --header 'X-API-Key: <api-key>'

{
  "id": 123,
  "raw_key": "<string>",
  "key_prefix": "<string>",
  "rate_limit_tier": "<string>",
  "permissions": [
    "<string>"
  ],
  "created_at": "<string>",
  "name": "<string>"
}