Skip to main content

v0.0.9

API key management and scoped API access release for the Next.js application template.

SectionHistory / Releases
UpdatedJul 6, 2026
AuthorTemplate Maintainers
Versionv0.0.9
Reading time2 min

v0.0.9

v0.0.9 adds API key management and scoped machine access to the template. It introduces personal and organization keys, a starter /api/v1 surface, and settings UI for creating, updating, disabling, and deleting keys.

Highlights

  • Personal API keys are managed from /user/api-keys.
  • Organization API keys are managed from /w/:organizationKey/settings/api-keys.
  • API clients authenticate with the x-api-key header instead of browser session cookies.
  • Keys support one-time secret display, permission presets, expiration, and rate limits.
  • Starter /api/v1 endpoints expose key metadata, organizations, organization members, teams, and team members.
  • Owner and admin workspace roles can manage organization keys by default.

What changed for template users

Personal keys act as the owning user and can read organization data only while that user remains a member. Organization keys act as one workspace organization and stay scoped to that organization. Both key families use explicit permissions, so product teams can add their own API routes and permission presets without exposing raw Better Auth records to client code.

The management pages include education copy, create and edit dialogs, status metadata, key prefix display, scope summaries, rate-limit values, expiration state, last-use state, and delete confirmation.

Upgrade notes

  • A Prisma migration is required before using API key features.
  • Regenerate the Prisma client after installing dependencies so prisma.apiKey is available.
  • API clients must send keys in the x-api-key header.
  • Key secrets are shown only once at creation time.
  • Normal edits do not renew expiration automatically; renewal is explicit.
  • Node.js 22+ is recommended because the current cache handler dependency requires it.

Quality

The release adds OpenSpec requirements, Jest coverage for API key configuration, permissions, schemas, actions, route handlers, management helpers, and UI behavior, plus Playwright coverage for personal keys, organization keys, and organization permission boundaries.