Create a new API key
Creates a new API key for authenticating with the API. New keys start in ACTIVE status and can be used immediately for authentication. The response includes the one-time raw API key value which will not be retrievable later - clients must save this value as it cannot be recovered. Requires CREATE_APIKEY_OWN permission (or CREATE_APIKEY_ANY for admin users). Side effects include generating cryptographically secure key material, recording creation timestamp, and tracking creator ID. Returns INVALID_ARGUMENT if expires_at is set to a time in the past.
In: header
API key configuration
Key-value pairs of metadata associated with the API key. Used for organization and filtering.
properties <= 10Empty Object
Expiration timestamp in milliseconds since epoch. If not provided, the key does not expire.
int64Optional client-provided UUID for idempotent creation. If not provided, server generates a new UUID. Returns ALREADY_EXISTS if ID is already in use.
Response Body
curl -X POST "http://localhost:8080/v1/apikeys" \ -H "Content-Type: application/json" \ -d '{ "labels": { "environment": "development", "service": "chat-ui" }, "expiresAt": "1735689600000" }'{
"apiKeyMetadata": {
"apiKeyId": "550e8400-e29b-41d4-a716-446655440000",
"userId": "b3303d0a-1a4a-493f-b9bf-38e37153b5a2",
"keyPrefix": "gm_12345...",
"status": "ACTIVE",
"labels": "{\"purpose\": \"production\", \"service\": \"recommendation-engine\"}",
"expiresAt": "1672531200000",
"lastUsedAt": "1640995200000",
"createdAt": "1640908800000",
"updatedAt": "1640908800000",
"createdById": "b3303d0a-1a4a-493f-b9bf-38e37153b5a2",
"updatedById": "b3303d0a-1a4a-493f-b9bf-38e37153b5a2"
},
"rawApiKey": "gm_12345678901234567890123456789012345678901234567890"
}