> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sdk.anghami.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Developer Portal

> How developers register, manage API keys, and operate against the SDK.

The [Developer Portal](https://developers.anghami.com) is where you register as an integrator and manage your API keys.

<Note>
  **Coming soon.** The portal URL above is a placeholder while we build out the public developer onboarding flow. Until it goes live, contact your Anghami partnership lead for API access, or open an issue on the [SDK repo](https://github.com/anghami/sdk).
</Note>

## What you do in the portal

* **Register** as a developer (one-time).
* **Create an OAuth client** for user-scoped flows — get a `client_id` and configure your `redirect_uri`.
* **Create API keys** for server-to-server access — copy the secret once at creation time; it cannot be retrieved later.
* **View usage and billing** — per-key request counts, rate-limit status, billable stream counts.

## What you do via the API

Programmatic key lifecycle is exposed through `DeveloperService`. Every operation requires an OAuth access token — developers manage their own keys with their own user identity.

| RPC            | What it does                                                                                       |
| -------------- | -------------------------------------------------------------------------------------------------- |
| `CreateApiKey` | Create a new key with a name and scopes. Returns the secret **once**.                              |
| `ListApiKeys`  | List keys belonging to the authenticated developer. Secrets are never returned, only `key_prefix`. |
| `GetApiKey`    | Fetch one key by ID. Same — no secret.                                                             |
| `UpdateApiKey` | Update metadata (name) via FieldMask.                                                              |
| `RotateApiKey` | Generate a new secret. The old one stays valid for a server-defined grace period.                  |
| `RevokeApiKey` | Permanently deactivate. **Irreversible.**                                                          |

See [API Keys](/api-keys) for the full lifecycle and rotation strategy.

## Why OAuth-managed API keys

Keys themselves are server-to-server credentials, but **managing** them is a user-scoped operation — only the developer who owns a key should be able to rotate or revoke it. The portal and the SDK both gate `DeveloperService` behind the developer's OAuth identity.

## Rate-limit and billing visibility

The portal surfaces:

* Per-key call rate and 429 frequency.
* Stream acquisition counts (the billable event — see [Streaming & Billing](/streaming-billing)).
* Quota and tier information.

## What's not here

* **App store distribution.** Distributing your client app is on you.
* **End-user sign-up.** End users sign up inside Anghami / OSN+, not via your portal account.
* **Subscription management.** Entitlements live outside the SDK.