Skip to main content
GET
/
api
/
v1
/
keys
/
{id}
/
skills
Key Skill Binding
curl --request GET \
  --url https://api.example.com/api/v1/keys/{id}/skills \
  --header 'Content-Type: application/json' \
  --data '
{
  "skill_ids": [
    "<string>"
  ]
}
'
{
  "key_id": "<string>",
  "inherits_all": true,
  "skill_ids": [
    "<string>"
  ],
  "skills": [
    {}
  ]
}
Each API key can carry an explicit allowlist of skills. An empty allowlist means the key inherits all of your installed skills (the default). A non-empty allowlist restricts the key to exactly those skills, intersected with your installed set at request time.

Authentication

Requires an API key with billing scope. The caller must be the key owner or a team member with permission to manage API keys.

Path Parameters

id
string
required
The API key UUID.

Get the binding

GET /api/v1/keys/{id}/skills
key_id
string
The API key UUID.
inherits_all
boolean
true when the allowlist is empty (the key inherits all installed skills).
skill_ids
string[]
The bound skill IDs (empty when inherits_all is true).
skills
array
Display metadata for each bound skill: id, slug, name, category, is_public.

Replace the binding

PUT /api/v1/keys/{id}/skills
skill_ids
string[]
required
The full set of skill IDs to bind. Pass an empty array to reset the key to inherit all installed skills.
Team-scoped keys may only bind skills that are public, authored by the caller, or scoped to the key’s team. If any ID isn’t visible to the key, the request returns 400 skill_visibility_denied and no change is made.

Example

curl -X PUT https://www.hitheo.ai/api/v1/keys/KEY_ID/skills \
  -H "Authorization: Bearer $THEO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "skill_ids": ["11111111-2222-3333-4444-555555555555"] }'