ApiKey
API key for scripts and integrations.
Attributes:
key_hash: Argon2 hash of the API key (excluded from serialization)
user_id: Owner of the key
name: Human-readable label for the key
scopes: Optional permission scopes (e.g., ["read", "write"])
expires_at: Optional expiration date
last_used_at: Last time the key was used (for auditing)
is_active: Whether the key is currently active
Security:
- key_hash is excluded from model_dump() and model_dump_json()
- Never store or return plaintext keys
- Raw key is only shown once at creation time
Example:
key = ApiKey(
key_hash="$argon2id$v=19$...",
user_id="user-123",
name="Production Deployment",
scopes=["deploy"],
expires_at=datetime(2025, 12, 31),
)
Source: api_key.py
Fields
| Field | Type | Required | Description | Validators |
|---|---|---|---|---|
| key_hash | str | Argon2 hash of the API key | - | |
| user_id | str | Owner user ID | - | |
| name | str | Human-readable key label | - | |
| scopes | list[str] | Permission scopes for this key | - | |
| expires_at | datetime | None | Key expiration date (None = never expires) | |
| last_used_at | datetime | None | Last time the key was used | |
| is_active | bool | Whether the key is active | - |
Configuration
| Setting | Value |
|---|---|
| Submittable | False |
| Track Changes | True |
Controller
Controller hooks are implemented in *_controller.py files.
Available lifecycle hooks:
validate()- Called before save, raise exceptions for validation errorsbefore_insert()- Called before inserting a new documentafter_insert()- Called after successfully insertingbefore_save()- Called before saving (insert or update)after_save()- Called after savingbefore_delete()- Called before deletingafter_delete()- Called after deleting