Reference / API Keys

Mint a new API key for the resolved application. Returns the secret once (201).

POST /v1/api-keys
Secret API key · operationId: create

Authorization

Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.

Request body · required

  • expires_in_days integer<int64>

    Optional days until the key expires (Item 18). Omitted / null = never expires.

  • name string required
  • scopes string[]

    Optional scope grants (e.g. `["admin"]`). Empty means no extra scopes.

Responses

201 Created (secret shown once)
{
  "data": {
    "active": false,
    "created_at": "2026-01-15T09:30:00Z",
    "expires_at": "2026-01-15T09:30:00Z",
    "id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
    "last_used_at": "2026-01-15T09:30:00Z",
    "name": "string",
    "revoked_at": "2026-01-15T09:30:00Z",
    "scopes": [
      "string"
    ],
    "secret": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
422 Invalid request

Request

curl -X POST "http://localhost:8080/v1/api-keys" \
  -H "Authorization: Bearer $SECRET_KEY" \
  -H "x-application-id: $APPLICATION_ID" \
  -H "Content-Type: application/json" \
  -d '{
  "expires_in_days": 0,
  "name": "production-backend",
  "scopes": [
    "string"
  ]
}'
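
Added example, not from the original reference or the project's own code: a Python client for this call that sends both credentials named under Authorization and splits the one-time `secret` out of the 201 envelope so only the remaining metadata is returned for logging. The function names and the owner-only file used to store the secret are assumptions.

```python
import json
import os
import urllib.request

BASE_URL = "http://localhost:8080"  # host taken from the page's curl example


def build_create_request(secret_key, application_id, name,
                         scopes=None, expires_in_days=None):
    """Build POST /v1/api-keys with both credentials the endpoint requires."""
    body = {"name": name}
    if scopes:
        body["scopes"] = scopes
    if expires_in_days is not None:  # omitted means the key never expires
        body["expires_in_days"] = expires_in_days
    return urllib.request.Request(
        BASE_URL + "/v1/api-keys",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": "Bearer " + secret_key,
            "x-application-id": application_id,
        },
    )


def split_secret(envelope):
    """Return (metadata safe to log, secret) from the 201 response envelope."""
    data = dict(envelope["data"])  # copy so the caller's dict is untouched
    secret = data.pop("secret", None)
    if not secret:
        raise ValueError("201 response carried no secret; it cannot be re-read")
    return data, secret


def store_secret(secret, path):
    """Assumed sink: a new owner-only file; refuses to overwrite an old key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(secret)


def create_key(secret_key, application_id, name, secret_path, **options):
    """Create a key, persist its secret once, return only the metadata."""
    request = build_create_request(secret_key, application_id, name, **options)
    with urllib.request.urlopen(request, timeout=10) as response:  # 422 raises HTTPError
        metadata, secret = split_secret(json.load(response))
    store_secret(secret, secret_path)
    return metadata
```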
