The API Keys page at /dashboard/api-keys manages keys that let external systems (CRMs) trigger outbound calls without a JWT. It lives in src/pages/ApiKeys.tsx with modals in src/components/api-keys/ (CreateKeyModal, KeyCreatedModal).

Key table

Loaded from GET /api/v1/api-keys, the DataTable shows:
ColumnSource
Namekey.name
Keykey_prefix followed by •••• (full key never re-shown)
StatusActive / Expired / Inactive badge
Expiresexpires_at
Last Usedrelative time of last_used_at
Createdcreated_at
Actionsactivate/deactivate toggle, delete
Status is computed by getStatus: inactive keys are Inactive (danger), keys past expires_at are Expired (neutral), otherwise Active (success). A search box filters by name or key prefix.

Lifecycle

ActionEndpoint
CreatePOST /api/v1/api-keys
Toggle activePATCH /api/v1/api-keys/{id} with is_active
DeleteDELETE /api/v1/api-keys/{id} (confirm dialog)

Create and one-time reveal

CreateKeyModal collects a required Name and an optional Expires At date (blank = no expiry), then POSTs to /api/v1/api-keys. The response includes the full key, which is handed to KeyCreatedModal.
KeyCreatedModal is the only place the full key is ever shown. It warns “This key won’t be shown again” and offers copy-to-clipboard. After closing, only the vx_xxxx•••• prefix remains visible in the table.
Deleting a key immediately revokes access for any system using it — the confirm dialog states this explicitly.

API keys (VoxBridge)

Key hashing, dual auth, and enforcement.

Dialout API

Triggering outbound calls with an API key.

Users

Human user accounts and roles.