Inconsistent minimum Byte Length validation between web app and createKey API endpoint

[unrenamed]

Preliminary Checks

• I have reviewed the documentation: https://unkey.com/docs

• I have searched for existing issues: https://github.com/unkeyed/unkey/issues

• This issue is not a question, general help request, or anything other than a bug report directly related to Unkey. Please ask questions in our Discord community: https://unkey.com/discord.

Reproduction / Replay Link (Optional)

No response

Issue Summary

When setting a default minimum byte length for keys (minimum 8 bytes) in the web app, this setting applies when creating keys via the key creation form. However, when attempting to create a key with the same byte length through the https://api.unkey.dev/v1/keys.createKey API endpoint, an error occurs. This inconsistency causes confusion, as it seems the default byte length setting should allow the request to be accepted. Clarifying or aligning these behaviors would improve user experience.

curl --request POST \
  --url https://api.unkey.dev/v1/keys.createKey \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "apiId": "api_<id>",
  "name": "my key",
  "byteLength": 8 }'

The response body:

{"error":{"code":"BAD_REQUEST","docs":"https://unkey.dev/docs/api-reference/errors/code/BAD_REQUEST","message":"byteLength: Number must be greater than or equal to 16","requestId":"req_"}}

Steps to Reproduce

1. In the web app, set the default byte length for keys to 8.
2. Attempt to create a key through the web form using an 8-byte key (this should succeed).
3. Call the https://api.unkey.dev/v1/keys.createKey endpoint with an 8-byte key in the request body (this should fail with the error body above).

Expected behavior

1. The web app should accept a minimum 16-byte key in the Create a new key form.
2. The web app should accept a minimum 16-byte key in the API settings Default Bytes section.
3. The keys.createKey should use the configured default byte length for the API if the byteLength field is not provided (body.byteLength ?? api.defaultByteLength ?? 16)

Other information

No response

Screenshots

No response

Version info

- OS:
- Node:
- npm:

[linear]

ENG-1541 Inconsistent minimum Byte Length validation between web app and` createKey` API endpoint

[chronark]

/award 150

[oss-gg]

Awarding unrenamed: 150 points 🕹️ Well done! Check out your new contribution on oss.gg/unrenamed

[oss-gg]

You already have an open issue assigned to you here. Once that's closed or unassigned, only then we recommend you to take up more.

[bitbrief]

/assign

[oss-gg]

Assigned to @bitbrief! Please open a draft PR linking this issue within 48h ⚠️ If we can't detect a PR from you linking this issue in 48h, you'll be unassigned automatically 🕹️ Excited to have you ship this 🚀

[oss-gg]

@bitbrief, please open a draft PR linking this issue within 12 hours. If we can't detect a PR in 12 hours, you will be unassigned automatically.

[bitbrief]

Hi @chronark! I am receiving a 404 error during running the api locally.

[chronark]

I need more context to help, what are you doing and what have you tried to fix it?