← Back to all products
$9
API Key Manager
Generate, validate, and rotate API keys with scoping, expiration, and grace periods.
JSONMarkdownPython
📄 Product Preview
Try the interactive reader and demo tools below, or get the full product with all content unlocked.
📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample📁 File Structure 9 files
api-key-manager/
├── LICENSE
├── README.md
├── examples/
│ └── config.example.json
├── free-sample.zip
├── guide/
│ ├── 01_api-key-manager.md
│ ├── 02_features.md
│ └── 03_quick-start.md
├── index.html
└── src/
└── main.py
📖 Documentation Preview README excerpt
API Key Manager
Generate, validate, and rotate API keys with scoping, expiration, and grace periods. Zero dependencies.
Part of the API Launchpad toolkit by [CodeVault](https://codevault.dev).
Features
- Cryptographically secure key generation with
secrets.token_hex() - Custom prefixes:
sk_live_,ak_,api_— match your brand - HMAC-SHA256 validation with timing-safe comparison (never stores plaintext)
- Scope-based permissions:
read,write,admin, or custom scopes likeread:users - Key expiration with configurable TTL (default: 90 days)
- Key rotation with grace periods — old key still works during transition
- Usage tracking: last used timestamp and request count per key
- CLI tool for key management (generate, list, validate, rotate, revoke)
- Zero dependencies — runs on Python stdlib only
Quick Start
# Generate a new API key
python3 src/main.py generate --name "My App" --scopes read write
# Output:
# API Key (save this — shown only once!):
# sk_live_a1b2c3d4e5f6...
#
# Key ID: key_abc123
# Name: My App
# Scopes: read, write
# Expires: 2026-04-15T10:30:00+00:00
# List all keys
python3 src/main.py list
# Validate a key
python3 src/main.py validate --key "sk_live_a1b2c3d4..."
# Rotate a key (generates new key, old key gets 24h grace period)
python3 src/main.py rotate --key-id key_abc123
# Revoke a key immediately
python3 src/main.py revoke --key-id key_abc123
# Start demo server with API key authentication
python3 src/main.py serve --port 8000
Using as a Library
from main import APIKeyManager, KeyAuthMiddleware
manager = APIKeyManager(prefix="sk_live", default_ttl_days=90)
# Generate a key
plaintext, key_meta = manager.generate_key(
name="Production App",
scopes=["read", "write"],
*... continues with setup instructions, usage examples, and more.*
📄 Code Sample .py preview
src/main.py
#!/usr/bin/env python3
"""
API Key Manager — Generate, Validate, and Rotate API Keys
===========================================================
Complete API key lifecycle management with configurable prefixes,
HMAC-SHA256 validation, expiration, scope-based permissions, key
rotation with grace periods, and usage tracking.
Zero dependencies. Import or run as CLI.
Part of the API Launchpad toolkit by DataNest.
License: MIT
"""
from __future__ import annotations
import hashlib
import hmac
import json
import logging
import os
import secrets
import threading
import time
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone, timedelta
from http.server import HTTPServer, BaseHTTPRequestHandler
from pathlib import Path
from typing import Any
# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
DEFAULT_HOST = "0.0.0.0"
DEFAULT_PORT = 8000
DEFAULT_KEY_PREFIX = "sk_live" # Customizable: sk_live, ak_, api_, etc.
DEFAULT_KEY_LENGTH = 32 # Characters of random hex
DEFAULT_TTL_DAYS = 90 # Default key expiration: 90 days
DEFAULT_GRACE_PERIOD_HOURS = 24 # Old key still works during rotation
KEY_STORE_FILE = Path("./api_keys.json")
logging.basicConfig(
level=logging.INFO,
format="%(asctime)s [%(levelname)s] %(message)s",
datefmt="%Y-%m-%dT%H:%M:%S",
)
logger = logging.getLogger("api-key-manager")
# ... 438 more lines ...