> ## Documentation Index
> Fetch the complete documentation index at: https://docs.waterfall.io/llms.txt
> Use this file to discover all available pages before exploring further.

# API Keys Management

> Manage your Waterfall API keys programmatically using a master key.

<Note>
  API key management is an **enterprise feature**. Contact your account manager to get access. Once enabled, you'll receive a master API key that can create, list, and modify all other keys on your account.
</Note>

## How it works

You use a single **master key** to manage all sub-keys. Sub-keys are the keys your teams, workflows, or integrations use for API calls. The master key itself cannot be modified or deleted.

## Key attributes

| Field              | Type          | Description                                                                |
| ------------------ | ------------- | -------------------------------------------------------------------------- |
| `api_key`          | string (UUID) | Unique identifier for the key                                              |
| `notes`            | string        | Label or description — useful for identifying which team or system uses it |
| `master`           | boolean       | `true` for the master key, `false` for all sub-keys                        |
| `active`           | boolean       | `true` if the key can make API calls, `false` if deactivated               |
| `per_interval`     | integer       | Maximum requests allowed per interval                                      |
| `interval_seconds` | integer       | Interval duration in seconds — always `60`                                 |

## Available operations

| Operation                           | Endpoint            |
| ----------------------------------- | ------------------- |
| [List keys](/v1/api-keys-list)      | `GET /v1/api-keys`  |
| [Create a key](/v1/api-keys-create) | `POST /v1/api-keys` |
| [Modify a key](/v1/api-keys-modify) | `PUT /v1/api-keys`  |

<Warning>
  All three endpoints require your **master API key** in the `x-api-key` header. Requests authenticated with a sub-key will be rejected.
</Warning>
