Mint a new API key for the resolved application. Returns the secret once (201).
POST /v1/api-keys
Secret API key · operationId: create
Authorization
Server-to-server. Send a secret key as a Bearer token plus the x-application-id header.
Request body · required
expires_in_days (integer<int64>): Optional days until the key expires (Item 18). Omitted / null = never expires.
name (string, required)
scopes (string[]): Optional scope grants (e.g. `["admin"]`). Empty means no extra scopes.
Responses
201 Created (secret shown once)
{
  "data": {
    "active": false,
    "created_at": "2026-01-15T09:30:00Z",
    "expires_at": "2026-01-15T09:30:00Z",
    "id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
    "last_used_at": "2026-01-15T09:30:00Z",
    "name": "string",
    "revoked_at": "2026-01-15T09:30:00Z",
    "scopes": [
      "string"
    ],
    "secret": "string"
  },
  "error": {
    "code": "string",
    "message": "string"
  },
  "meta": {
    "timestamp": "string"
  },
  "success": false
}
422 Invalid request
Request
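# $SECRET_KEY and $APPLICATION_ID are placeholders for your own values.
curl -X POST "http://localhost:8080/v1/api-keys" \
  -H "Authorization: Bearer $SECRET_KEY" \
  -H "x-application-id: $APPLICATION_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "expires_in_days": 0,
    "name": "production-backend",
    "scopes": [
      "string"
    ]
  }'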
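The request and response handling described above, as an added Python example (not the project's own client code): it builds the authenticated POST and separates the one-time `secret` from the rest of the 201 envelope so that only the remainder is logged. The function names, the positive-expiry policy and the sample responses are assumptions constructed for illustration.

```python
import json

BASE_URL = "http://localhost:8080"  # host taken from the page's curl sample


def build_request(caller_key, application_id, name, expires_in_days, scopes=()):
    """Return (url, headers, body) for POST /v1/api-keys."""
    # Local policy of this example (not an API rule): every key gets an expiry.
    if not isinstance(expires_in_days, int) or expires_in_days < 1:
        raise ValueError("expires_in_days must be a positive integer")
    headers = {
        "Authorization": f"Bearer {caller_key}",
        "x-application-id": application_id,
        "Content-Type": "application/json",
    }
    body = json.dumps({"name": name, "expires_in_days": expires_in_days,
                       "scopes": list(scopes)})
    return f"{BASE_URL}/v1/api-keys", headers, body


def split_created_key(status, body_text):
    """Return (secret, loggable_record) for a 201; raise on anything else."""
    envelope = json.loads(body_text)
    if status != 201:
        err = envelope.get("error") or {}
        raise RuntimeError(
            f"create failed ({status}): {err.get('code')}: {err.get('message')}")
    record = dict(envelope["data"])
    secret = record.pop("secret", None)  # shown once: remove it before logging
    if not secret:
        raise RuntimeError("201 response carried no secret")
    return secret, record


# Constructed sample responses in the page's envelope shape (values are made up).
SAMPLE_201 = json.dumps({
    "data": {"id": "018f3c4a-7b2e-7c1d-9e0a-1f2b3c4d5e6f",
             "name": "production-backend", "scopes": [],
             "expires_at": "2026-04-15T09:30:00Z",
             "secret": "constructed-example-secret"},
    "success": True,
})
SAMPLE_422 = json.dumps({
    "error": {"code": "constructed_code", "message": "name is required"},
    "success": False,
})

if __name__ == "__main__":
    secret, record = split_created_key(201, SAMPLE_201)
    print("store in a secret manager:", len(secret), "chars")
    print("safe to log:", record)
```

Pass the returned `secret` straight to a secret store; the second return value contains no key material and can go to application logs.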