From dce9eb30c1d2a2618ea456338224ac1857738873 Mon Sep 17 00:00:00 2001
From: wukko <me@wukko.me>
Date: Thu, 26 Jun 2025 22:23:25 +0600
Subject: [PATCH] docs/protect-an-instance: add info about allowedServices in
 api keys

---
 docs/protect-an-instance.md | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/docs/protect-an-instance.md b/docs/protect-an-instance.md
index 30584102..0271375e 100644
--- a/docs/protect-an-instance.md
+++ b/docs/protect-an-instance.md
@@ -159,7 +159,8 @@ type KeyFileContents = Record<
         name?: string,
         limit?: number | "unlimited",
         ips?: (CIDRString | IPString)[],
-        userAgents?: string[]
+        userAgents?: string[],
+        allowedServices?: "all" | string[],
     }
 >;
 ```
@@ -179,6 +180,11 @@ where *`UUIDv4String`* is a stringified version of a UUIDv4 identifier.
     - when specified, requests with a `user-agent` that does not appear in this array will be rejected.
     - when omitted, any user agent can be specified to make requests with that API key.
 
+- **`allowedServices`** is an array of allowed services or `"all"`.
+    - when `"all"` is specified, the key will be able to access all supported services, even if they're globally disabled via `DISABLED_SERVICES`.
+    - when an array of services is specified, the key will be able to access only the services included in the array.
+    - when omitted, the key will use the global list of supported services.
+
 - if both `ips` and `userAgents` are set, the tokens will be limited by both parameters.
 - if cobalt detects any problem with your key file, it will be ignored and a warning will be printed to the console.