Create an API key

POST

/v1/iam/identities/{id}/api-keys

const url = 'http://localhost:8080/v1/iam/identities/example/api-keys';
const options = {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: '{"name":"example","description":"example","roleId":"example","rateLimitPerMinute":1,"expiresAt":"2026-04-15T12:00:00Z","currentPassword":"example","totpCode":"example"}'
};

try {
  const response = await fetch(url, options);
  const data = await response.json();
  console.log(data);
} catch (error) {
  console.error(error);
}

curl --request POST \
  --url http://localhost:8080/v1/iam/identities/example/api-keys \
  --header 'Content-Type: application/json' \
  --data '{ "name": "example", "description": "example", "roleId": "example", "rateLimitPerMinute": 1, "expiresAt": "2026-04-15T12:00:00Z", "currentPassword": "example", "totpCode": "example" }'

Returns the plaintext key ONCE in rawKey. Subsequent reads only expose keyPrefix. Re-auth (currentPassword/totpCode) required when the chosen role carries *:*:* or cross_tenant:*:* (C7).

Parameters

Path Parameters

required

string

Request Body^required

application/json

object

name

required

string

>= 1 characters <= 120 characters

description

string

<= 500 characters

roleId

required

string

>= 1 characters

rateLimitPerMinute

integer

>= 1 <= 5000

expiresAt

string format: date-time

currentPassword

string

>= 1 characters <= 1024 characters

totpCode

string

/^\d{6}$/

Example ^generated

{
  "name": "example",
  "description": "example",
  "roleId": "example",
  "rateLimitPerMinute": 1,
  "expiresAt": "2026-04-15T12:00:00Z",
  "currentPassword": "example",
  "totpCode": "example"
}

Responses

201

ApiKey created.

application/json

object

status

required

string

Allowed value: success

code

required

string

data

required

object

required

string

name

required

string

description

required

string | null

keyPrefix

required

string

roleId

required

string

rateLimitPerMinute

required

integer

lastUsedAt

required

string | null format: date-time

expiresAt

required

string | null format: date-time

revokedAt

required

string | null format: date-time

createdAt

required

string format: date-time

rawKey

required

string

cache

object

hit

required

boolean

key

string

ageSeconds

integer

expiresAt

string format: date-time

timing

object

totalMs

required

integer

dbMs

integer

externalMs

integer

deprecation

object

sunset

required

string format: date-time

successor

string

note

string

Example

{
  "status": "success"
}

400

Requête mal formée (validation_error, invalid_idempotency_key, invalid_sort_field, invalid_filter).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

401

Authentification manquante ou invalide.

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

403

Scope insuffisant (forbidden, no_active_plan, service_disabled_on_plan).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

404

Ressource introuvable (ou hors-tenant).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

422

Validation métier KO (unsafe_url, invalid_bulk_body).

application/json

object

status

required

string

Allowed value: error

code

required

string

error

required

object

message

string

requestId

required

string

details

Array<object>

object

path

string

code

string

message

string

key

additional properties

Example

{
  "status": "error"
}

Create an API key

Parameters

Path Parameters

Request Body required

Example generated

Responses

201

Example

400

Example

401

Example

403

Example

404

Example

422

Example

Request Body^required

Example ^generated