Account Endpoints
Manage your profile, API keys, allowed sites, usage statistics, and audit log.
Authentication required
All account endpoints require a valid API key with the appropriate scope.
Profile
GET
/v1/account/meaccount:readGet user profile
Returns the authenticated user's profile information.
Example Request
Bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/meResponse
200User profile
JSON
{
"id": "usr_abc123",
"name": "Jane Doe",
"email": "jane@example.com",
"emailVerified": true,
"createdAt": "2026-01-15T10:30:00Z"
}API Keys
GET
/v1/account/me/keysaccount:readList API keys
Returns all API keys belonging to the authenticated user. Raw key values are never returned.
Example Request
Bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/keysResponse
200List of API key metadata
JSON
[
{
"id": "key_abc123",
"prefix": "a1b2c3d4",
"name": "Production key",
"type": "secret",
"scopes": null,
"isActive": true,
"createdAt": "2026-01-15T10:30:00Z",
"lastUsedAt": "2026-03-17T22:00:00Z",
"expiresAt": null
}
]POST
/v1/account/me/keysaccount:writeCreate API key
Creates a new API key. The raw key is returned once in the response — store it securely.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Required | Human-readable key name (max 100 chars) |
type | string | Default: secret | "secret" or "publishable" |
scopes | string[] | Optional | Scope restrictions (secret keys only). Omit for full access. |
allowedOrigins | string[] | Optional | Allowed origin patterns (required for publishable keys) |
Example Request
Bash
curl -X POST -H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "Production key", "type": "secret"}' \
https://api.netloc8.com/v1/account/me/keysResponse
201Key created — raw key shown once
JSON
{
"rawKey": "sk_a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
"prefix": "a1b2c3d4",
"id": "key_abc123",
"name": "Production key",
"type": "secret",
"scopes": null
}DELETE
/v1/account/me/keys/{keyId}account:writeRevoke API key
Revokes (deletes) an API key belonging to the authenticated user. This action is permanent.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
keyId | string | Required | The API key ID (hash) to revoke |
Example Request
Bash
curl -X DELETE -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/keys/key_abc123Response
200Key revoked
JSON
{
"deleted": true
}POST
/v1/account/me/keys/{keyId}/renewaccount:writeRenew API key
Resets the expiration on an API key, extending its validity. Useful for free-plan keys that expire after 1 year.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
keyId | string | Required | The API key ID to renew |
Example Request
Bash
curl -X POST -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/keys/key_abc123/renewResponse
200Key renewed
JSON
{
"status": "renewed"
}Usage
GET
/v1/account/me/usageaccount:readGet usage statistics
Returns usage statistics and rate limit status for the authenticated user's API keys.
Example Request
Bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/usageResponse
200Usage statistics
JSON
{
"totalKeys": 2,
"activeKeys": 2,
"keys": [
{
"keyPrefix": "a1b2c3d4",
"keyName": "Production key",
"isActive": true,
"lastUsedAt": "2026-03-17T22:00:00Z",
"rateLimitRemaining": 95,
"rateLimitMax": 120
}
]
}Sites
GET
/v1/account/me/sitesaccount:readList allowed sites
Returns all allowed-origin sites configured for the authenticated user.
Example Request
Bash
curl -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/sitesResponse
200List of sites
JSON
[
{
"id": "site_abc",
"name": "https://example.com",
"userId": "usr_abc123",
"createdAt": "2026-01-15T10:30:00Z"
}
]POST
/v1/account/me/sitesaccount:writeAdd allowed site
Registers a new allowed-origin site for the authenticated user. Subject to plan-based site limits.
Request Body
| Parameter | Type | Required | Description |
|---|---|---|---|
name | string | Required | Site origin URL (e.g. https://example.com) |
Example Request
Bash
curl -X POST -H "X-API-Key: YOUR_KEY" \
-H "Content-Type: application/json" \
-d '{"name": "https://example.com"}' \
https://api.netloc8.com/v1/account/me/sitesResponse
201Site created
JSON
{
"id": "site_abc",
"name": "https://example.com",
"userId": "usr_abc123",
"createdAt": "2026-01-15T10:30:00Z"
}DELETE
/v1/account/me/sites/{siteId}account:writeRemove allowed site
Removes an allowed-origin site belonging to the authenticated user.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
siteId | string | Required | The site ID to remove |
Example Request
Bash
curl -X DELETE -H "X-API-Key: YOUR_KEY" \
https://api.netloc8.com/v1/account/me/sites/site_abcResponse
204Site deleted
Audit Log
GET
/v1/account/me/auditaccount:readGet activity log
Returns the authenticated user's audit trail — a chronological log of account actions. Supports filtering and pagination.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
limit | integer | Default: 50 | Max entries to return (1–100) |
offset | integer | Default: 0 | Pagination offset |
action | string | Optional | Filter by action (e.g. create_key, login) |
search | string | Optional | Free-text search across action, target, and detail fields |
Example Request
Bash
curl -H "X-API-Key: YOUR_KEY" \
"https://api.netloc8.com/v1/account/me/audit?limit=10"Response
200Paginated audit log entries
JSON
{
"logs": [
{
"id": 1,
"app": "api",
"actor_id": "usr_abc123",
"action": "create_key",
"target_type": "api_key",
"detail": "Created key \"Production\"",
"created_at": 1710720000
}
],
"total": 42,
"limit": 10,
"offset": 0
}