Fix OpenAPI definition for API key endpoints

[thivindu]

Current Limitation

The current OpenAPI definitions for the API key related operations are unclear.

Suggested Improvement

Refactor the request methods and paths to better align with REST API practices and clarity.

Generate API key

POST /apis/{id}/api-key -> POST /apis/{id}/generate-api-key

The APIKeyGenerationRequest schema allows both expires_in (duration) and expires_at (absolute timestamp), but neither is required and there's no indication of precedence if both are provided. This ambiguity could confuse API consumers. Give precedence for the expires_at if both are provided.

List API keys

GET /apis/{id}/api-key -> GET /apis/{id}/api-keys
Improve grammar in operation description.
Retrieve the list of all the active API keys for the specified API by the user. -> Retrieve all active API keys for the specified API created by the user.

Rotate API key

PUT /apis/{id}/api-key/{apiKeyName} -> POST /apis/{id}/api-keys/{apiKeyName}/regenerate

Revoke API key

DELETE /apis/{id}/api-key/{apiKey} -> POST /apis/{id}/revoke-api-key
Do not pass the actual API Key in the URL. Specify a new RevokeRequest and specify the key in the body.

Version

No response

[coderabbitai]

📝 CodeRabbit Plan Mode

Generate an implementation plan and prompts that you can use with your favorite coding agent.

• Create Plan

Examples

• Example 1
• Example 2

---

🧪 Issue enrichment is currently in open beta.

You can configure auto-planning by selecting labels in the issue_enrichment configuration.

To disable automatic issue enrichment, add the following to your .coderabbit.yaml:

issue_enrichment:
  auto_enrich:
    enabled: false

💬 Have feedback or questions? Drop into our discord or schedule a call!