Skip to main content
POST
/
api-keys
Create a new API key
curl --request POST \
  --url https://api.example.com/api/v1/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "My CRM Integration",
  "type": "personal"
}
'
{
  "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
  "name": "My CRM Integration",
  "type": "branch",
  "keyPrefix": "sk_personal_Ab3x",
  "isActive": true,
  "lastUsedAt": "2023-11-07T05:31:56Z",
  "expiresAt": "2023-11-07T05:31:56Z",
  "createdAt": "2023-11-07T05:31:56Z",
  "updatedAt": "2023-11-07T05:31:56Z",
  "rawKey": "sk_personal_Ab3xYz7qR2mN9kLpW4vC8dE1fT6uS0hJ",
  "note": "Store this key securely — it will not be shown again."
}

Authorizations

Authorization
string
header
required

Staff panel JWT access token

Body

application/json
name
string
required
Maximum string length: 100
Example:

"My CRM Integration"

type
enum<string>
default:personal
required
Available options:
branch,
personal,
public
branchId
integer

Required when type=branch or type=public

Example:

1

expiresAt
string<date-time>

ISO 8601 expiry date. Omit for no expiry.

Example:

"2027-01-01T00:00:00Z"

Response

API key created. The rawKey field is shown only in this response.

id
string<uuid>
name
string
Example:

"My CRM Integration"

type
enum<string>
Available options:
branch,
personal,
public
keyPrefix
string

First 20 chars of the key, for display

Example:

"sk_personal_Ab3x"

isActive
boolean
Example:

true

lastUsedAt
string<date-time> | null
expiresAt
string<date-time> | null
createdAt
string<date-time>
updatedAt
string<date-time>
rawKey
string

The full API key. Shown only once — store securely.

Example:

"sk_personal_Ab3xYz7qR2mN9kLpW4vC8dE1fT6uS0hJ"

note
string
Example:

"Store this key securely — it will not be shown again."