Skip to main content
POST
http://localhost:3000
/
api-keys
curl -X POST 'https://api.example.com/api-keys' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "CI Pipeline",
    "description": "Used for automated deployments",
    "tenantId": "tenant_acme",
    "environmentId": "environment_prod",
    "expiresAt": "2025-01-15T10:30:00Z",
    "intendedUse": "ci-cd"
  }'

{
  "id": "apk_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "subjectId": "subject_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5c",
  "tenantId": "tenant_acme",
  "environmentId": "environment_prod",
  "name": "CI Pipeline",
  "description": "Used for automated deployments",
  "prefix": "qs_live_xxxx",
  "lastFour": "a1b2",
  "secretKey": "qs_live_xxxx1234567890abcdefghijklmnopqrstuvwxyz",
  "hashAlgo": "argon2id",
  "createdBySubjectId": "subject_jane",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2025-01-15T10:30:00Z",
  "status": "active",
  "intendedUse": "ci-cd"
}

Request Body

name
string
required
Display name for the API key (e.g., “CI Pipeline”, “Backup Service”)
description
string
Description of what this key is used for
tenantId
string
Restrict key to a specific tenant
environmentId
string
Restrict key to a specific environment
expiresAt
string
ISO 8601 expiration date. If omitted, key does not expire.
intendedUse
string
Intended use case (e.g., “ci-cd”, “backup”, “reporting”)
metadata
object
Custom metadata

Response

Returns the created API key object including the secret key.
The secret key is only returned once at creation time. Store it securely—it cannot be retrieved later.
curl -X POST 'https://api.example.com/api-keys' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "CI Pipeline",
    "description": "Used for automated deployments",
    "tenantId": "tenant_acme",
    "environmentId": "environment_prod",
    "expiresAt": "2025-01-15T10:30:00Z",
    "intendedUse": "ci-cd"
  }'

{
  "id": "apk_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "subjectId": "subject_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5c",
  "tenantId": "tenant_acme",
  "environmentId": "environment_prod",
  "name": "CI Pipeline",
  "description": "Used for automated deployments",
  "prefix": "qs_live_xxxx",
  "lastFour": "a1b2",
  "secretKey": "qs_live_xxxx1234567890abcdefghijklmnopqrstuvwxyz",
  "hashAlgo": "argon2id",
  "createdBySubjectId": "subject_jane",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2025-01-15T10:30:00Z",
  "status": "active",
  "intendedUse": "ci-cd"
}
Creating an API key also creates an associated Bedrock subject with type service. This subject can be used for permission checks and role assignments.