Create API Key - Bedrock

curl -X POST 'https://api.example.com/api-keys' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "CI Pipeline",
    "description": "Used for automated deployments",
    "tenantId": "tenant_acme",
    "environmentId": "environment_prod",
    "expiresAt": "2025-01-15T10:30:00Z",
    "intendedUse": "ci-cd"
  }'

{
  "id": "apk_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "subjectId": "subject_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5c",
  "tenantId": "tenant_acme",
  "environmentId": "environment_prod",
  "name": "CI Pipeline",
  "description": "Used for automated deployments",
  "prefix": "qs_live_xxxx",
  "lastFour": "a1b2",
  "secretKey": "qs_live_xxxx1234567890abcdefghijklmnopqrstuvwxyz",
  "hashAlgo": "argon2id",
  "createdBySubjectId": "subject_jane",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2025-01-15T10:30:00Z",
  "status": "active",
  "intendedUse": "ci-cd"
}

POST

api-keys

curl -X POST 'https://api.example.com/api-keys' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "CI Pipeline",
    "description": "Used for automated deployments",
    "tenantId": "tenant_acme",
    "environmentId": "environment_prod",
    "expiresAt": "2025-01-15T10:30:00Z",
    "intendedUse": "ci-cd"
  }'

{
  "id": "apk_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "subjectId": "subject_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5c",
  "tenantId": "tenant_acme",
  "environmentId": "environment_prod",
  "name": "CI Pipeline",
  "description": "Used for automated deployments",
  "prefix": "qs_live_xxxx",
  "lastFour": "a1b2",
  "secretKey": "qs_live_xxxx1234567890abcdefghijklmnopqrstuvwxyz",
  "hashAlgo": "argon2id",
  "createdBySubjectId": "subject_jane",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2025-01-15T10:30:00Z",
  "status": "active",
  "intendedUse": "ci-cd"
}

Request Body

name

string

required

Display name for the API key (e.g., “CI Pipeline”, “Backup Service”)

description

string

Description of what this key is used for

tenantId

string

Restrict key to a specific tenant

environmentId

string

Restrict key to a specific environment

expiresAt

string

ISO 8601 expiration date. If omitted, key does not expire.

intendedUse

string

Intended use case (e.g., “ci-cd”, “backup”, “reporting”)

metadata

object

Custom metadata

Response

Returns the created API key object including the secret key.

The secret key is only returned once at creation time. Store it securely—it cannot be retrieved later.

curl -X POST 'https://api.example.com/api-keys' \
  -H 'Authorization: Bearer YOUR_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "CI Pipeline",
    "description": "Used for automated deployments",
    "tenantId": "tenant_acme",
    "environmentId": "environment_prod",
    "expiresAt": "2025-01-15T10:30:00Z",
    "intendedUse": "ci-cd"
  }'

{
  "id": "apk_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5b",
  "subjectId": "subject_0190a1b2-c3d4-7e5f-8a9b-0c1d2e3f4a5c",
  "tenantId": "tenant_acme",
  "environmentId": "environment_prod",
  "name": "CI Pipeline",
  "description": "Used for automated deployments",
  "prefix": "qs_live_xxxx",
  "lastFour": "a1b2",
  "secretKey": "qs_live_xxxx1234567890abcdefghijklmnopqrstuvwxyz",
  "hashAlgo": "argon2id",
  "createdBySubjectId": "subject_jane",
  "createdAt": "2024-01-15T10:30:00Z",
  "expiresAt": "2025-01-15T10:30:00Z",
  "status": "active",
  "intendedUse": "ci-cd"
}

Creating an API key also creates an associated Bedrock subject with type service. This subject can be used for permission checks and role assignments.

Get API Key

Update API Key

​Request Body

​Response

Request Body

Response