Authorizations
Unkey uses API keys (root keys) for authentication. These keys authorize access to management operations in the API. To authenticate, include your root key in the Authorization header of each request:
Authorization: Bearer unkey_123Root keys have specific permissions attached to them, controlling what operations they can perform. Key permissions follow a hierarchical structure with patterns like resource.resource_id.action (e.g., apis.*.create_key, apis.*.read_api).
Security best practices:
- Keep root keys secure and never expose them in client-side code
- Use different root keys for different environments
- Rotate keys periodically, especially after team member departures
- Create keys with minimal necessary permissions following least privilege principle
- Monitor key usage with audit logs.
Body
Specifies which permission to permanently delete from your workspace.
This can be a permission ID or a permission slug.
WARNING: Deleting a permission has immediate and irreversible consequences:
- All API keys with this permission will lose that access immediately
- All roles containing this permission will have it removed
- Any verification requests checking for this permission will fail
- This action cannot be undone
Before deletion, ensure you:
- Have updated any keys or roles that depend on this permission
- Have migrated to alternative permissions if needed
- Have notified affected users about the access changes
3 - 255"perm_1234567890abcdef"
Response
Permission deleted successfully
Metadata object included in every API response. This provides context about the request and is essential for debugging, audit trails, and support inquiries. The requestId is particularly important when troubleshooting issues with the Unkey support team.
Empty response object by design. A successful response indicates this operation was successfully executed.