Create API key (returns raw key once)
const url = 'https://example.com/v1/api-keys';const options = { method: 'POST', headers: { 'X-Tenant-ID': '2489E9AD-2EE2-8E00-8EC9-32D5F69181C0', 'X-API-Key': '<X-API-Key>', 'Content-Type': 'application/json' }, body: '{"name":"example","scopes":["example"],"expires_at":"2026-04-15T12:00:00Z","identity_provider_id":"2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/v1/api-keys \ --header 'Content-Type: application/json' \ --header 'X-API-Key: <X-API-Key>' \ --header 'X-Tenant-ID: 2489E9AD-2EE2-8E00-8EC9-32D5F69181C0' \ --data '{ "name": "example", "scopes": [ "example" ], "expires_at": "2026-04-15T12:00:00Z", "identity_provider_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0" }'Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Header Parameters
Section titled “Header Parameters ”Tenant identifier. Must match the tenant associated with the credential. Returns 403 tenant_mismatch if the credential and header belong to different tenants.
Request Body required
Section titled “Request Body required ”object
Links this API key to a specific identity provider (used for SCIM tokens).
Example generated
{ "name": "example", "scopes": [ "example" ], "expires_at": "2026-04-15T12:00:00Z", "identity_provider_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0"}Responses
Section titled “ Responses ”Created. The raw_key field is only present in this response.
object
User ID or email of the key creator.
When the key was revoked. Null if active.
User who revoked the key.
Links this API key to a specific identity provider (used for SCIM tokens).
The plaintext API key. Shown only once at creation time.
Example generated
{ "id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "name": "example", "scopes": [ "example" ], "created_by": "example", "last_used_at": "2026-04-15T12:00:00Z", "expires_at": "2026-04-15T12:00:00Z", "revoked_at": "2026-04-15T12:00:00Z", "revoked_by": "example", "created_at": "2026-04-15T12:00:00Z", "identity_provider_id": "2489E9AD-2EE2-8E00-8EC9-32D5F69181C0", "raw_key": "example"}Invalid input
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Unauthenticated
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Forbidden
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Referenced identity_provider_id was not found
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}Request fails a semantic constraint (e.g. SCIM scopes on an incapable provider type)
object
Machine-readable error code (e.g. “not_found”, “tenant_mismatch”).
Human-readable description of the error.
Optional additional context about the error.
object
Policy notices from determining Cedar rules, if applicable.
Example generated
{ "code": "example", "message": "example", "details": {}, "notices": [ "example" ]}