Account
View your profile and manage API keys programmatically.
Get Profile
profiles:read/api/v1/meReturns the profile of the authenticated user (the user who owns the API key).
curl "https://readyraider.com/api/v1/me" \
-H "Authorization: Bearer rr_live_your_key"{
"data": {
"id": "user-uuid",
"email": "player@example.com",
"display_name": "ProGamer42",
"avatar_url": "https://...",
"created_at": "2025-06-15T10:00:00Z"
}
}List API Keys
profiles:read/api/v1/me/api-keysReturns a list of the authenticated user's active (non-revoked) API keys. Key hashes are never returned.
curl "https://readyraider.com/api/v1/me/api-keys" \
-H "Authorization: Bearer rr_live_your_key"{
"data": [
{
"id": "key-uuid-1",
"name": "Discord Bot",
"key_prefix": "rr_live_abc1",
"permissions": ["tournaments:read", "leagues:read"],
"last_used_at": "2026-02-13T15:30:00Z",
"created_at": "2026-01-10T10:00:00Z",
"expires_at": null
},
{
"id": "key-uuid-2",
"name": "Stream Overlay",
"key_prefix": "rr_live_def2",
"permissions": ["tournaments:read"],
"last_used_at": "2026-02-12T20:00:00Z",
"created_at": "2026-02-01T12:00:00Z",
"expires_at": "2026-06-01T00:00:00Z"
}
]
}Note
key_prefix field shows the first 12 characters of the key for identification purposes. The full key and key hash are never returned in list responses.Create API Key
profiles:write/api/v1/me/api-keysCreates a new API key. The full key is returned once in the response and can never be retrieved again. Maximum 10 active keys per account.
Request Body (JSON)
| Parameter | Type | Description |
|---|---|---|
name | string | Descriptive name for the key (1-100 characters) |
permissions | string[] | Array of permission scopes (at least 1) |
expires_at | string | ISO 8601 expiration date/time (optional, omit for non-expiring) |
Valid Permission Values
tournaments:readtournaments:writeleagues:readleagues:writeorganizations:readorganizations:writeraids:readraids:writeprofiles:readprofiles:writereadwritecurl -X POST "https://readyraider.com/api/v1/me/api-keys" \
-H "Authorization: Bearer rr_live_your_key" \
-H "Content-Type: application/json" \
-d '{
"name": "My Discord Bot",
"permissions": ["tournaments:read", "leagues:read"],
"expires_at": "2027-01-01T00:00:00Z"
}'{
"data": {
"id": "new-key-uuid",
"name": "My Discord Bot",
"key_prefix": "rr_live_abc1",
"key": "rr_live_abc123def456789012345678901234567890123456789012345678901234",
"permissions": ["tournaments:read", "leagues:read"],
"created_at": "2026-02-13T16:00:00Z",
"expires_at": "2027-01-01T00:00:00Z"
}
}Danger
key field is only included in this response. Copy it immediately and store it securely. If you lose it, you'll need to create a new key.Revoke API Key
profiles:write/api/v1/me/api-keys/:idRevokes an API key. The key is soft-deleted (marked with a revoked_at timestamp) and will immediately stop working. You cannot revoke the key you're currently using to authenticate.
Path Parameters
| Parameter | Type | Description |
|---|---|---|
id | uuid | The API key UUID to revoke |
curl -X DELETE "https://readyraider.com/api/v1/me/api-keys/key-uuid" \
-H "Authorization: Bearer rr_live_your_key"{
"data": {
"id": "key-uuid",
"revoked_at": "2026-02-13T16:30:00Z"
}
}Warning
401 Unauthorized errors.Key Management Best Practices
Use Separate Keys Per Integration
Create a dedicated API key for each application or service. This way, if one key is compromised, you can revoke it without affecting other integrations.
Set Expiration Dates
Use the expires_at field to automatically expire keys. This limits the window of exposure if a key is leaked.
Use Minimum Scopes
Only grant the permissions each integration needs. A read-only dashboard doesn't need write scopes.
Rotate Keys Regularly
Create a new key, update your integration, then revoke the old key. This minimizes the risk of long-lived credentials being compromised.
Store Keys Securely
Use environment variables or a secrets manager. Never hardcode keys in source code or commit them to version control.