> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pageonetravel.com/llms.txt
> Use this file to discover all available pages before exploring further.

# API Key Management

> Create, list, and delete partner API keys.

All endpoints require partner JWT:

```http theme={null}
Authorization: Bearer <partner_jwt>
```

## What is API Key

`api-key` is the credential used by programmatic OTA flow APIs:

* `POST /api/search`
* `POST /api/quote`
* `POST /api/book`
* `POST /api/cancel`

Backend maps API key to a partner and authorizes connection usage by `settings.access.code`.

## 1) Create API Key (Partner Admin only)

```http theme={null}
POST /api/partner/api-keys
```

No request body.

Response contains a new key document (`apiKey`, `partner`, timestamps).

## 2) List API Keys

```http theme={null}
GET /api/partner/api-keys
```

Returns API keys under current partner, newest first.

## 3) Delete API Key (Partner Admin only)

```http theme={null}
DELETE /api/partner/api-keys/:id
```

## Example List Response

```json theme={null}
{
  "data": [
    {
      "_id": "67ab62f4d90f8d7bf44ff001",
      "apiKey": "<API_KEY_UUID>",
      "partner": "67a84f588277d6f3bc5ecfff",
      "createdAt": "2026-02-11T18:49:56.804Z",
      "updatedAt": "2026-02-11T18:49:56.804Z"
    }
  ],
  "message": "success"
}
```

## Limits and Rules

* Maximum `10` API keys per partner
* API key ID in delete must belong to current partner

## Common Errors

* `403 Require partner admin role`
* `400 Maximum number of API keys (10) has been reached`
* `404 API key not found`
