Skip to main content
POST
/
v3
/
user-access-keys
Create a new API key.
curl --request POST \
  --url https://api.example.com/v3/user-access-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "expires_at": "2023-11-07T05:31:56Z"
}
'
{
  "api_version": "3.0",
  "kind": "NORMAL",
  "data": {
    "key_id": "<string>",
    "name": "<string>",
    "key_suffix": "abc123",
    "created_at": "2023-11-07T05:31:56Z",
    "updated_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "user": {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "email": "jsmith@example.com",
      "full_name": "<string>"
    },
    "organization": {
      "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
      "name": "<string>"
    },
    "token": "fkh_EXMPL001.EXAMPLE_SECRET_DO_NOT_USE_xxxxxxxxxxxxxxxxx",
    "last_used_at": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
name
string
required

User-assigned label for the API key. Must be unique per user per organization. Must start with a letter (A-Z or a-z). After that, letters, digits, spaces, hyphens, and underscores are allowed. Leading and trailing whitespace is stripped by the server before saving.

Required string length: 1 - 128
Pattern: ^[A-Za-z][A-Za-z0-9_ -]*$
expires_at
string<date-time>

Expiration timestamp for the API key. Must be a future timestamp and cannot exceed 100 years from now. If not provided, defaults to 10 years from creation time.

Response

API key created successfully. The token field contains the full composite key_id.secret — this is the only time the secret is available.

Response object for standard API responses.

api_version
enum<string>
default:3.0

API version.

Available options:
2.0,
3.0
kind
enum<string>
default:NORMAL

Type of response, indicating a normal response.

Available options:
NORMAL
data
object

Response body for API key creation. Includes the full composite token which is shown only once.