unkeyed · chronark · Jul 30, 2025 · Jul 29, 2025 · Jul 29, 2025 · Jul 29, 2025
@@ -9,7 +9,7 @@ description: "A permission with this slug already exists"
     "requestId": "req_2c9a0jf23l4k567"
   },
   "error": {
-    "detail": "A permission with name \"admin\" already exists in this workspace",
+    "detail": "A permission with slug \"admin\" already exists in this workspace",
     "status": 409,
     "title": "Conflict",
     "type": "https://unkey.com/docs/api-reference/errors-v2/unkey/data/permission/duplicate"

@@ -674,7 +674,7 @@ components:
                         type: string
                         minLength: 1
                         maxLength: 100
-                        pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                        pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                     description: |
                         Assigns existing roles to this key for permission management through role-based access control.
                         Roles must already exist in your workspace before assignment.
@@ -916,7 +916,7 @@ components:
                         Invalid role references cause the entire operation to fail atomically, ensuring consistent state.
                     items:
                         type: string
-                        pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                        pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                         minLength: 3
                         maxLength: 255
                         description: Specify the role by name.
@@ -1004,7 +1004,7 @@ components:
                         Invalid role references cause the entire operation to fail atomically, ensuring consistent state.
                     items:
                         type: string
-                        pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                        pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                         minLength: 3
                         maxLength: 255
                         description: Specify the role by name.
@@ -1171,7 +1171,7 @@ components:
                         type: string
                         minLength: 1
                         maxLength: 100
-                        pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                        pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                         description: |
                             Assigns existing roles to this key for permission management through role-based access control.
                             Roles must already exist in your workspace before assignment.
@@ -1459,7 +1459,7 @@ components:
             properties:
                 role:
                     type: string
-                    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                    pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                     minLength: 3
                     maxLength: 255
                     description: |
@@ -1523,7 +1523,7 @@ components:
                     type: string
                     minLength: 3
                     maxLength: 255
-                    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+                    pattern: ^[a-zA-Z0-9_:\-\.\*]+$
                     description: |
                         Unique identifier of the role to permanently delete from your workspace.
                         Must either be a valid role ID that begins with 'role_' or the given role name and exists within your workspace.
@@ -2195,7 +2195,6 @@ components:
                     type: string
                     minLength: 1
                     maxLength: 128
-                    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
                     description: Human-readable name for this rate limit.
                     example: api_requests
                 limit:
@@ -2312,6 +2311,12 @@ components:
                     default: false
         V2IdentitiesCreateIdentityResponseData:
             type: object
+            properties:
+                identityId:
+                    type: string
+                    description: The unique identifier of the created identity.
+            required:
+                - identityId
         V2IdentitiesGetIdentityResponseData:
             type: object
             required:
@@ -2703,7 +2708,6 @@ components:
                     type: string
                     minLength: 1
                     maxLength: 128
-                    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
                     description: Human-readable name for this rate limit.
                     example: api_requests
                 limit:
@@ -2874,11 +2878,6 @@ components:
             type: object
             additionalProperties: false
             properties:
-                namespaceId:
-                    description: The unique identifier of the rate limit namespace this override belongs to. This links the override to a specific namespace context, ensuring the override only applies within that namespace.
-                    type: string
-                    minLength: 1
-                    maxLength: 255
                 overrideId:
                     description: The unique identifier of this specific rate limit override. This ID is generated when the override is created and can be used for management operations like updating or deleting the override.
                     type: string
@@ -2919,7 +2918,6 @@ components:
                     type: integer
                     minimum: 0
             required:
-                - namespaceId
                 - overrideId
                 - duration
                 - identifier

@@ -1,13 +1,6 @@
 type: object
 additionalProperties: false
 properties:
-  namespaceId:
-    description: The unique identifier of the rate limit namespace this override
-      belongs to. This links the override to a specific namespace context, ensuring
-      the override only applies within that namespace.
-    type: string
-    minLength: 1
-    maxLength: 255
   overrideId:
     description: The unique identifier of this specific rate limit override.
       This ID is generated when the override is created and can be used for
@@ -53,7 +46,6 @@ properties:
     type: integer
     minimum: 0
 required:
-  - namespaceId
   - overrideId
   - duration
   - identifier

@@ -11,7 +11,6 @@ properties:
     type: string
     minLength: 1
     maxLength: 128
-    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
     description: Human-readable name for this rate limit.
     example: api_requests
   limit:

@@ -1 +1,7 @@
 type: object
+properties:
+  identityId:
+    type: string
+    description: The unique identifier of the created identity.
+required:
+  - identityId
@@ -78,7 +78,7 @@ properties:
       type: string
       minLength: 1
       maxLength: 100 # Keep role names concise and readable
-      pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+      pattern: ^[a-zA-Z0-9_:\-\.\*]+$
     description: |
       Assigns existing roles to this key for permission management through role-based access control.
       Roles must already exist in your workspace before assignment.

@@ -26,7 +26,7 @@ properties:
       Invalid role references cause the entire operation to fail atomically, ensuring consistent state.
     items:
       type: string
-      pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+      pattern: ^[a-zA-Z0-9_:\-\.\*]+$
       minLength: 3
       maxLength: 255
       description: Specify the role by name.

@@ -26,7 +26,7 @@ properties:
       Invalid role references cause the entire operation to fail atomically, ensuring consistent state.
     items:
       type: string
-      pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+      pattern: ^[a-zA-Z0-9_:\-\.\*]+$
       minLength: 3
       maxLength: 255
       description: Specify the role by name.

@@ -104,7 +104,7 @@ properties:
       type: string
       minLength: 1
       maxLength: 100 # Keep role names concise and readable
-      pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+      pattern: ^[a-zA-Z0-9_:\-\.\*]+$
       description: |
         Assigns existing roles to this key for permission management through role-based access control.
         Roles must already exist in your workspace before assignment.

@@ -14,7 +14,6 @@ properties:
     type: string
     minLength: 1
     maxLength: 128
-    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
     description: Human-readable name for this rate limit.
     example: api_requests
   limit:

@@ -4,7 +4,7 @@ required:
 properties:
   role:
     type: string
-    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+    pattern: ^[a-zA-Z0-9_:\-\.\*]+$
     minLength: 3
     maxLength: 255
     description: |

@@ -6,7 +6,7 @@ properties:
     type: string
     minLength: 3
     maxLength: 255
-    pattern: "^[a-zA-Z][a-zA-Z0-9_-]*$"
+    pattern: ^[a-zA-Z0-9_:\-\.\*]+$
     description: |
       Unique identifier of the role to permanently delete from your workspace.
       Must either be a valid role ID that begins with 'role_' or the given role name and exists within your workspace.

@@ -161,5 +161,6 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		Meta: openapi.Meta{
 			RequestId: s.RequestID(),
 		},
+		Data: openapi.EmptyResponse{},
 	})
 }
@@ -305,30 +305,18 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		}
 	}
 
-	// Filter out the cursor key if cursor was provided (to avoid duplicates)
-	filteredKeys := keys
-	if cursor != "" {
-		var filtered []db.ListKeysByKeyAuthIDRow
-		for _, key := range keys {
-			if key.Key.ID != cursor {
-				filtered = append(filtered, key)
-			}
-		}
-		filteredKeys = filtered
-	}
-
-	// Determine the actual number of keys to return (respect the limit)
-	numKeysToReturn := len(filteredKeys)
-	hasMore := false
-	if len(filteredKeys) > limit {
-		numKeysToReturn = limit
-		hasMore = true
+	// Determine the cursor for the next page
+	hasMore := len(keys) > limit
+	var nextCursor *string
+	if hasMore {
+		nextCursor = ptr.P(keys[len(keys)-1].Key.ID)
+		// Trim the results to the requested limit
+		keys = keys[:limit]
 	}
 
 	// Transform keys into the response format
-	responseData := make([]openapi.KeyResponseData, numKeysToReturn)
-	for i := 0; i < numKeysToReturn; i++ {
-		key := filteredKeys[i]
+	responseData := make([]openapi.KeyResponseData, len(keys))
+	for i, key := range keys {
 		k := openapi.KeyResponseData{
 			KeyId:       key.Key.ID,
 			Start:       key.Key.Start,
@@ -469,13 +457,6 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		responseData[i] = k
 	}
 
-	// Determine the cursor for the next page
-	var nextCursor *string
-	if hasMore && numKeysToReturn > 0 {
-		cursor := responseData[numKeysToReturn-1].KeyId
-		nextCursor = &cursor
-	}
-
 	return s.JSON(http.StatusOK, Response{
 		Meta: openapi.Meta{
 			RequestId: s.RequestID(),

@@ -94,8 +94,9 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		meta = rawMeta
 	}
 
+	identityID := uid.New(uid.IdentityPrefix)
+
 	err = db.Tx(ctx, h.DB.RW(), func(ctx context.Context, tx db.DBTX) error {
-		identityID := uid.New(uid.IdentityPrefix)
 		args := db.InsertIdentityParams{
 			ID:          identityID,
 			ExternalID:  req.ExternalId,
@@ -110,7 +111,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 			if db.IsDuplicateKeyError(err) {
 				return fault.Wrap(err,
 					fault.Code(codes.Data.Identity.Duplicate.URN()),
-					fault.Internal("identity already exists"), fault.Public(fmt.Sprintf("Identity with externalId \"%s\" already exists in this workspace.", req.ExternalId)),
+					fault.Internal("identity already exists"), fault.Public(fmt.Sprintf("Identity with externalId '%s' already exists in this workspace.", req.ExternalId)),
 				)
 			}
 
@@ -213,6 +214,6 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		Meta: openapi.Meta{
 			RequestId: s.RequestID(),
 		},
-		Data: openapi.V2IdentitiesCreateIdentityResponseData{},
+		Data: openapi.V2IdentitiesCreateIdentityResponseData{IdentityId: identityID},
 	})
 }
@@ -83,7 +83,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 				return fault.New("duplicate ratelimit name",
 					fault.Code(codes.App.Validation.InvalidInput.URN()),
 					fault.Internal("duplicate ratelimit name"),
-					fault.Public(fmt.Sprintf("Ratelimit with name %q is already defined in the request", ratelimit.Name)),
+					fault.Public(fmt.Sprintf("Ratelimit with name '%s' is already defined in the request", ratelimit.Name)),
 				)
 			}
 			nameSet[ratelimit.Name] = true

@@ -143,7 +143,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 
 		return fault.New("role not found",
 			fault.Code(codes.Data.Role.NotFound.URN()),
-			fault.Internal("role not found"), fault.Public(fmt.Sprintf("Role %q was not found.", role)),
+			fault.Internal("role not found"), fault.Public(fmt.Sprintf("Role '%s' was not found.", role)),
 		)
 	}
 

@@ -492,7 +492,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 
 				return fault.New("role not found",
 					fault.Code(codes.Data.Role.NotFound.URN()),
-					fault.Internal("role not found"), fault.Public(fmt.Sprintf("Role %q was not found.", requestedName)),
+					fault.Internal("role not found"), fault.Public(fmt.Sprintf("Role '%s' was not found.", requestedName)),
 				)
 			}
 

@@ -152,7 +152,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		if !exists {
 			return fault.New("permission not found",
 				fault.Code(codes.Data.Permission.NotFound.URN()),
-				fault.Public(fmt.Sprintf("Permission %q was not found.", toRemove)),
+				fault.Public(fmt.Sprintf("Permission '%s' was not found.", toRemove)),
 			)
 		}
 	}

@@ -136,7 +136,7 @@ func (h *Handler) Handle(ctx context.Context, s *zen.Session) error {
 		if !exists {
 			return fault.New("role not found",
 				fault.Code(codes.Data.Role.NotFound.URN()),
-				fault.Public(fmt.Sprintf("Role %q was not found.", role)),
+				fault.Public(fmt.Sprintf("Role '%s' was not found.", role)),
 			)
 		}
 	}