> ## Documentation Index > Fetch the complete documentation index at: https://docs.fiddler.ai/llms.txt > Use this file to discover all available pages before exploring further. # Create a new API key. > Create a new API key for the authenticated user. Requires a unique name per user per organization. The full composite API key (key_id.secret) is returned once in the response and cannot be retrieved again. Enforces MAX_ACCESS_KEYS_PER_USER limit (default 5, new table only). ## OpenAPI ````yaml POST /v3/user-access-keys openapi: 3.0.3 info: title: Fiddler API - 2.0 description: APIs to interact with Fiddler termsOfService: https://fiddler.ai/about/terms contact: email: support@fiddler.ai license: name: Proprietary url: '2.0' version: '2.0' servers: [] security: - BearerAuth: [] tags: - name: access-key description: CRUD operations for API keys - name: span-v3 - name: aggregation-invalidation-request-v3 description: Endpoints related to retrieving aggregation invalidation requests - name: alert-rules-v3 description: CRUD for Alert Rules, Summary, and Stats APIs - name: application-v3 - name: attribute-v3 - name: auth description: Authentication strategies and login flows - name: baseline-v3 description: CRUD for baseline - name: catalog-v3 description: >- Entity catalog provides paginated, searchable discovery of entity names (attribute keys, agent names, span types, span names) and their distinct values. Powered by ClickHouse materialized views — no worker or PostgreSQL dependency. - name: chart-annotation-v3 description: Endpoints related to retrieving chart annotations - name: chart-v3 description: CRUD for chart - name: queries-v3 description: v3 queries API - name: configuration-v3 description: CRUD for configurations - name: custom-metrics-v3 - name: dimensionality-reduction-v3 - name: environment-v3 description: Endpoints related to environment management - name: evals - name: datasets - name: evaluation-v3 - name: evaluator-v3 - name: rule-evaluators-v3 - name: experiment-v3 - name: explainability-v3 - name: llm_rca-v3 - name: file-upload description: Endpoints related to file uploading. - name: fql-expressions-v3 description: > Endpoints for listing FQL (Fiddler Query Language) functions available for GenAI custom metrics. Used by the frontend for autocomplete and signature hints in the FQL editor. - name: genai-alert-rules-v3 description: CRUD API for GenAI Alert Rules - name: genai-custom-metrics-v3 description: API for GenAI Custom Metrics - name: genai-metrics-v3 description: >- Endpoints for pre-aggregated GenAI metrics. All metric data is pre-aggregated by an hourly ClickHouse refreshable materialized view; no real-time aggregation is performed at request time. - name: guardrails-api description: Endpoints related to retrieving Guardrails specific data - name: ingestion-v3 - name: intercom-api description: Endpoints related to intercom APIs - name: jobs-v3 - name: llm-gateway-v3 - name: auth-login - name: auth-logout - name: metrics-v3 description: Metrics endpoints - name: model-v3 - name: dashboard-v3 - name: model-deployment-v3 - name: monitoring-summary-v3 - name: histograms-v3 - name: organization-roles-v3 description: Update user org role - name: organization-settings-v3 description: Update organization settings such as timezone, email configuration, etc. - name: pagerduty-api description: CRUD for Pagerduty services. - name: project-v3 - name: project-roles-v3 description: Project role assignment management - name: searchable-text-key-v3 description: >- Manage the global searchable text keys table that controls which OTel attribute keys are routed to the full-text-searchable `ValueContent` column in the unified attributes table. Changes propagate to the backing ClickHouse dictionary within 1-2 minutes and affect all tenants. - name: segments-v3 - name: semantic-mapping-v3 description: >- Manage the global semantic name mappings table that maps raw OTel attribute keys to canonical semantic concepts. Changes propagate to the backing ClickHouse dictionary within 1-2 minutes and affect all tenants. - name: server-info-v3 description: Endpoints related to retrieving server information - name: sessions-v3 description: v3 session APIs - name: team-roles-v3 - name: team-v3 - name: traces-v3 description: v3 trace api for monitoring - name: fetch-sessions-v3 description: v3 fetch sessions api for monitoring - name: user-access-key description: > CRUD operations for user API keys. All endpoints are user-scoped — each user can only operate on their own API keys. No one including Org admins have access to other users' API keys. - name: users-v3 - name: version-compatibility-v3 - name: webhooks externalDocs: url: https://docs.fiddler.ai description: Find out more about Fiddler paths: /v3/user-access-keys: post: tags: - user-access-key summary: Create a new API key. description: > Create a new API key for the authenticated user. Requires a unique name per user per organization. The full composite API key (key_id.secret) is returned once in the response and cannot be retrieved again. Enforces MAX_ACCESS_KEYS_PER_USER limit (default 5, new table only). operationId: createUserAccessKey requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/UserAccessKeyCreateRequestBody' responses: '201': description: > API key created successfully. The token field contains the full composite key_id.secret — this is the only time the secret is available. content: application/json: schema: allOf: - $ref: '#/components/schemas/ApiResponse' - type: object properties: data: $ref: '#/components/schemas/UserAccessKeyTokenResponseBody' '400': $ref: '#/components/responses/400' '401': $ref: '#/components/responses/401' '403': $ref: '#/components/responses/403' '409': $ref: '#/components/responses/409' '500': $ref: '#/components/responses/500' components: schemas: UserAccessKeyCreateRequestBody: type: object required: - name properties: name: $ref: '#/components/schemas/UserAccessKeyName' expires_at: type: string format: date-time description: > Expiration timestamp for the API key. Must be a future timestamp and cannot exceed 100 years from now. If not provided, defaults to 10 years from creation time. ApiResponse: type: object description: | Response object for standard API responses. properties: api_version: type: string default: '3.0' enum: - '2.0' - '3.0' description: | API version. kind: type: string default: NORMAL enum: - NORMAL description: | Type of response, indicating a normal response. UserAccessKeyTokenResponseBody: description: > Response body for API key creation. Includes the full composite token which is shown only once. allOf: - $ref: '#/components/schemas/UserAccessKeySingleResponseBody' - type: object required: - token properties: token: type: string description: > Full composite API key (key_id.secret). Shown once at creation — cannot be retrieved again. Store securely. example: fkh_EXMPL001.EXAMPLE_SECRET_DO_NOT_USE_xxxxxxxxxxxxxxxxx UserAccessKeyName: type: string description: > User-assigned label for the API key. Must be unique per user per organization. Must start with a letter (A-Z or a-z). After that, letters, digits, spaces, hyphens, and underscores are allowed. Leading and trailing whitespace is stripped by the server before saving. maxLength: 128 minLength: 1 pattern: ^[A-Za-z][A-Za-z0-9_ -]*$ UserAccessKeySingleResponseBody: type: object description: | API key metadata. Never includes secrets or hashes. required: - key_id - name - key_suffix - created_at - updated_at - expires_at - user - organization properties: key_id: $ref: '#/components/schemas/UserAccessKeyId' name: $ref: '#/components/schemas/UserAccessKeyName' key_suffix: type: string description: | Last 6 characters of the secret, for UI display (e.g. "abc123"). minLength: 6 maxLength: 6 example: abc123 created_at: type: string format: date-time description: Timestamp when the API key was created. updated_at: type: string format: date-time description: Timestamp when the API key was last updated. expires_at: type: string format: date-time description: Expiration timestamp for the API key. last_used_at: type: string format: date-time description: > Timestamp when the API key was last used for authentication, or null if never used. Reserved for future use — always null in Phase 1. nullable: true user: $ref: '#/components/schemas/UserCompact' organization: $ref: '#/components/schemas/OrganizationCompact' ErrorResponse: type: object description: | Response object for errors returned by the API. properties: api_version: type: string default: '3.0' enum: - '2.0' - '3.0' description: | API version of the response. kind: type: string default: ERROR enum: - ERROR description: | Type of response, usually indicating an error. error: type: object properties: code: type: integer format: int32 description: > Represents the code for this error, typically an HTTP response code. default: 400 enum: - 400 - 403 - 404 - 500 message: type: string description: > A human-readable message providing more details about the error. If there are multiple errors, it will be the message for the first error. example: Resource Not Found errors: type: array description: > Container for additional information regarding the error, especially for multiple errors. items: type: object properties: reason: type: string description: > Unique identifier for this error, different from the error code. example: ResourceNotFoundException message: type: string description: > A human-readable message providing more details about the error. If there is only one error, this field will match error.message. example: Resource Not Found help: type: string description: > Link to support or documentation providing more information on the error. UserAccessKeyId: type: string description: > Public API key identifier (e.g. fkh_a1b2c3D4). Composed of the prefix (e.g. "fkh_") followed by a base64url-encoded random suffix containing uppercase and lowercase letters, digits, hyphens, and underscores. Used for lookups, deletion, and updates. maxLength: 16 minLength: 12 pattern: ^[a-z0-9]+_[A-Za-z0-9_-]+$ UserCompact: type: object title: UserCompactV3 description: > Compact version of a user which can be included in the response of relevant APIs. required: - id - email properties: id: type: string format: uuid readOnly: true description: | Unique identifier for the user. full_name: type: string readOnly: true description: | Full name of the user. email: type: string format: email description: | Email address of the user. OrganizationCompact: type: object title: OrganizationCompact description: > Compact version of an organization which can be included in the response of relevant APIs. required: - id - name properties: id: type: string format: uuid description: | Unique identifier of the organization. name: type: string description: | Name of the organization. responses: '400': description: Bad Request content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '401': description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '403': description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '409': description: Conflict content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' '500': description: Internal Server Error content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' securitySchemes: BearerAuth: type: http scheme: bearer ````