# Expected Endpoints

- OpenAPI UI: `/docs`
- OpenAPI JSON: `/openapi.json`
- API key list: `GET /api/tenant/api-keys`
- API key create: `POST /api/tenant/api-keys`
- API key update: `PATCH /api/tenant/api-keys/:id`
- API key delete: `DELETE /api/tenant/api-keys/:id`
- M2M exchange: `POST /internal/auth/m2m/token`

# Header Conventions

- API key auth: `x-api-key`
- JWT auth: `Authorization: Bearer <token>`