Account Management
The /v1/account endpoints let you manage your credentials and monitor usage. All endpoints require a Bearer token in the Authorization header.
Get Configuration
Retrieve your account configuration, including your authentication method, rate limits, network policies, and permissions.
curl https://api.odditt.com/v1/account/config \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Response
{
"success": true,
"auth_method": "api_key",
"rate_limit": {
"requests_per_min": 60,
"requests_per_hour": 1000,
"requests_per_day": 10000
},
"network_policy": {
"allowed_ips": {
"tenant": [],
"client": []
},
"allowed_domains": {
"tenant": [],
"client": []
}
},
"permissions": {
"tenant": { ... },
"client": { ... }
}
}
The auth_method field tells you which authentication flows are available to your account. See Authentication Methods for details.
API Keys
List API Keys
curl https://api.odditt.com/v1/account/api-keys \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
{
"success": true,
"api_keys": [
{
"key_code": "550e8400-e29b-41d4-a716-446655440000",
"name": "Production Key",
"active": true,
"widget": false,
"created_at": "2026-01-15T10:30:00Z",
"expires_at": null
}
]
}
Create API Key
curl -X POST https://api.odditt.com/v1/account/api-keys \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "My New Key"}'
{
"success": true,
"key_code": "550e8400-e29b-41d4-a716-446655440000",
"message": "API key created successfully",
"api_key": "bWtleV9iYXNlNjRlbmNvZGVk..."
}
The api_key value is only returned once. Store it securely — it cannot be retrieved again.
Deactivate API Key
curl -X DELETE https://api.odditt.com/v1/account/api-keys/KEY_CODE \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
{
"success": true,
"message": "API key deactivated"
}
You cannot deactivate an API key marked as "widget": true. You also cannot deactivate your last active API key if your account's authentication method requires API key access.
Client Secrets
List Secrets
curl https://api.odditt.com/v1/account/secrets \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
{
"success": true,
"secrets": [
{
"secret_code": "660e8400-e29b-41d4-a716-446655440000",
"secret_preview": "betflow_b2b_...a1b2c3d4e5",
"created_at": "2026-01-15T10:30:00Z",
"updated_at": "2026-01-15T10:30:00Z"
}
]
}
Create Secret
curl -X POST https://api.odditt.com/v1/account/secret \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
{
"client_secret": "betflow_b2b_c2VjcmV0X2Jhc2U2NA..."
}
The client_secret value is only returned once. Store it securely — it cannot be retrieved again.
Delete Secret
curl -X DELETE https://api.odditt.com/v1/account/secrets/SECRET_CODE \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
{
"success": true,
"message": "Client secret deleted"
}
You cannot delete your last secret if your account's authentication method requires OAuth access.
Usage
Retrieve your API usage statistics.
curl https://api.odditt.com/v1/account/usage \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
You can optionally filter by date range:
curl "https://api.odditt.com/v1/account/usage?start_date=2026-03-01T00:00:00Z&end_date=2026-03-26T23:59:59Z" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN"
Response
{
"success": true,
"client_id": "550e8400-e29b-41d4-a716-446655440000",
"today": {
"request_count": 100,
"success_count": 95,
"error_count": 5
},
"this_month": {
"request_count": 3000,
"success_count": 2850,
"error_count": 150
},
"this_year": {
"request_count": 50000,
"success_count": 47500,
"error_count": 2500
},
"custom": {
"start": "2026-03-01T00:00:00Z",
"end": "2026-03-26T23:59:59Z",
"request_count": 500,
"success_count": 475,
"error_count": 25
}
}
The custom object is only included when both start_date and end_date query parameters are provided.