You can now use the API to generate and revoke API keys. Reminder that your API keys belong to you, and not to any org or network.
To generate a key:
POST /administered/identities/me/api/keys/generate
The response will include the API key. This is your only chance to record the key; it will not be shown in full ever again. If your user has access to many organizations, it could take several minutes for this operation to complete, and for the key to be accepted in every organization where you have access. Docs here.
To revoke a key, use the key's suffix (its last 4 characters) in the following operation:
POST /administered/identities/me/api/keys/:suffix/revoke
If your identity has access to many organizations, it could take several minutes for this operation to complete, and for the key to be revoked everywhere. Docs here.
To view non-sensitive information about your keys, you can use the GET operation.