POST
/
v1
/
keys.createKey
curl --request POST \
  --url https://api.unkey.dev/v1/keys.createKey \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "apiId": "api_123",
  "prefix": "<string>",
  "name": "my key",
  "byteLength": 135,
  "ownerId": "team_123",
  "meta": {
    "billingTier": "PRO",
    "trialEnds": "2023-06-16T17:16:37.161Z"
  },
  "roles": [
    "admin",
    "finance"
  ],
  "permissions": [
    "domains.create_record",
    "say_hello"
  ],
  "expires": 1623869797161,
  "remaining": 1000,
  "refill": {
    "interval": "daily",
    "amount": 100
  },
  "ratelimit": {
    "type": "fast",
    "limit": 10,
    "duration": 60000
  },
  "enabled": true,
  "environment": "<string>"
}'
{
  "keyId": "key_123",
  "key": "prefix_xxxxxxxxx"
}

Changelog

DateChanges
Dec 06 2023Introduced endpoint

Authorizations

Authorization
string
headerrequired

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Body

application/json
apiId
string
required

Choose an API where this key should be created.

prefix
string

To make it easier for your users to understand which product an api key belongs to, you can add prefix them.

For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.

The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx

name
string

The name for your Key. This is not customer facing.

byteLength
integer
default: 16

The byte length used to generate your key determines its entropy as well as its length. Higher is better, but keys become longer and more annoying to handle. The default is 16 bytes, or 2^^128 possible combinations.

ownerId
string

Your user’s Id. This will provide a link between Unkey and your customer record. When validating a key, we will return this back to you, so you can clearly identify your user from their api key.

meta
object

This is a place for dynamic meta data, anything that feels useful for you should go here

roles
string[]

A list of roles that this key should have. If the role does not exist, an error is thrown

permissions
string[]

A list of permissions that this key should have. If the permission does not exist, an error is thrown

expires
integer

You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.

remaining
integer

You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.

refill
object

Unkey enables you to refill verifications for each key at regular intervals.

ratelimit
object

Unkey comes with per-key fixed-window ratelimiting out of the box.

enabled
boolean
default: true

Sets if key is enabled or disabled. Disabled keys are not valid.

environment
string

Environments allow you to divide your keyspace.

Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to give the developer a way to develop their own application without the risk of modifying real world resources.

When you set an environment, we will return it back to you when validating the key, so you can handle it correctly.

Response

200 - application/json
keyId
string
required

The id of the key. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.

key
string
required

The newly created api key, do not store this on your own system but pass it along to your user.

Was this page helpful?

INTERNAL_SERVER_ERRORVerify a key