Skip to main content
Console endpoints manage your mb_live_* API keys. They authenticate with your console login session (JWT) — not an mb_live_* key.
Most teams just use the console UI: cdm.thetahealth.cnAPI Keys. The REST endpoints below are for automation.

List keys

GET /api/console/keys
Authorization: Bearer <console_jwt>
Returns your keys with metadata (id, prefix, created/last-used) — never the full secret.

Create a key

POST /api/console/keys
Authorization: Bearer <console_jwt>

curl -X POST https://cdm.thetahealth.cn/api/console/keys \
  -H "Authorization: Bearer $CONSOLE_JWT" \
  -H "Content-Type: application/json" \
  -d '{"name": "production"}'
The response includes the full mb_live_* secret once — store it now; it can’t be retrieved again.

Revoke a key

DELETE /api/console/keys/{id}
Authorization: Bearer <console_jwt>
Treat mb_live_* secrets like passwords: keep them server-side, never ship them in client code, and revoke immediately if leaked.