Site API Keys
Manage Faurya site API keys with the CLI tokens command group.
Site API Keys
The CLI command group is named tokens, but these commands manage site API keys for a Faurya website.
Site API keys are website-scoped credentials. They are useful for automation, integrations, and scripts that should operate on one website rather than a full user account.
New or rotated key secrets are visible only once when the command runs. Store them immediately in your approved secret manager. This documentation never shows raw or masked key examples.
Requirements
Token management requires normal Faurya user access for the website and site API-key permissions. A site API key cannot list, create, rotate, revoke, or otherwise manage other site API keys.
List site API keys
faurya tokens list <websiteId>Lists active site API-key metadata for the selected website.
Create a site API key
faurya tokens create <websiteId> --name "Deploy key"faurya tokens create <websiteId> --input '{"name":"Deploy key"}'The command creates a new key and displays its secret once. Save the secret before closing the terminal session.
Get one site API key
faurya tokens get <websiteId> <tokenId>Reads metadata for one active key. It does not reveal the key secret.
Rotate a site API key
faurya tokens rotate <websiteId> <tokenId>faurya tokens rotate <websiteId> <tokenId> --yesRotation revokes the old key and creates a replacement secret. Update every application or deployment that used the old key.
Revoke a site API key
faurya tokens revoke <websiteId> <tokenId>faurya tokens revoke <websiteId> <tokenId> --yesRevocation disables the key for future use. It should be treated as irreversible for normal user workflows.
Confirmation requirements
tokens rotate and tokens revoke are destructive. In an interactive terminal, the CLI asks for confirmation. In non-interactive scripts, pass --yes only after verifying the website ID and token ID.
Safe storage guidance
- Store secrets in a secret manager or deployment platform.
- Never commit site API keys to source control.
- Avoid printing key secrets in CI logs.
- Rotate keys after suspected exposure.
- Revoke keys that are no longer used.
Why site API keys cannot manage keys
Site API-key management is intentionally reserved for normal user access with the right role and permissions. This prevents a website-scoped automation key from creating or revoking other keys for that same website.