Skip to content

ApiKey

API key for scripts and integrations.

Attributes:
key_hash: Argon2 hash of the API key (excluded from serialization)
user_id: Owner of the key
name: Human-readable label for the key
scopes: Optional permission scopes (e.g., ["read", "write"])
expires_at: Optional expiration date
last_used_at: Last time the key was used (for auditing)
is_active: Whether the key is currently active
Security:
- key_hash is excluded from model_dump() and model_dump_json()
- Never store or return plaintext keys
- Raw key is only shown once at creation time
Example:
key = ApiKey(
key_hash="$argon2id$v=19$...",
user_id="user-123",
name="Production Deployment",
scopes=["deploy"],
expires_at=datetime(2025, 12, 31),
)

Source: api_key.py

Field Type Required Description Validators
key_hash str Argon2 hash of the API key -
user_id str Owner user ID -
name str Human-readable key label -
scopes list[str] Permission scopes for this key -
expires_at None Key expiration date (None = never expires) -
last_used_at None Last time the key was used -
is_active bool Whether the key is active -
Setting Value
Submittable False
Track Changes True

Controller hooks are implemented in *_controller.py files. Available lifecycle hooks:

  • validate() - Called before save, raise exceptions for validation errors
  • before_insert() - Called before inserting a new document
  • after_insert() - Called after successfully inserting
  • before_save() - Called before saving (insert or update)
  • after_save() - Called after saving
  • before_delete() - Called before deleting
  • after_delete() - Called after deleting