Create API Key
Beta/v1/auth/api-keysIdempotent with Idempotency-Key header. Learn more
Creates an API key to authenticate API requests.
The secret key is returned once and cannot be retrieved later, so you should store it securely. We provide some recommendations on how you can manage your API keys.
include[]optional arrayenumValues:rolerole.permissionsSub-objects to expand in the response. When omitted, sub-objects are returned as null.
role_idstringID of the role to assign to the API key.
The role determines the permissions of requests authenticated with the key.
namestringHuman-readable name for the API key.
expires_atoptional string (date-time)When the key expires and stops authenticating requests.
If omitted, the key never expires.
objectstringenumValues:created_api_keyResource type identifier.
api_key_secretstringFull secret value.
Returned once and cannot be retrieved later. Learn more about managing your API keys.
api_key_infoapi_keyAPI key metadata.
idstringAPI key ID.
objectstringenumValues:api_keyResource type identifier.
namestringHuman-readable name for the API key.
redacted_valuestringRedacted key value safe for display.
The key's prefix followed by its last four characters, e.g. aug_sk_prod_****hjt4.
Role assigned to the key, which determines the permissions of requests made with it.
idstringRole ID.
objectstringenumValues:roleResource type identifier.
namestringDisplay name, unique within the account.
typestringenumValues:adminuserscannerThe kind of role.
The role's type is sometimes used to gate special behaviors and to restrict some actions to only certain types of roles. For example, only roles with the type admin can create and manage API keys.
admin: full administrative access, including managing API keys.user: a custom role tailored to a specific need (its permissions are defined explicitly). Roles created through the API always have this type.scanner: a role for scanning-station operators.sales_rep: a role for sales representatives.agent: a role assigned to an automated agent rather than a person.
ownerownernullableProvenance of this role.
System-owned roles are global defaults shared across all accounts and cannot be modified or deleted; account-owned roles are custom roles created by that account.
null in this endpoint.permissionsarray of stringExpandablenullablePermissions granted by this role, in {domain}:{action} format, such as customers:read.
created_atstring (date-time)Creation timestamp.
updated_atstring (date-time)Last updated timestamp.
last_used_atstring (date-time)nullableWhen the key was last used to authenticate a request.
Updated at most once every 24 hours, so it may lag the key's most recent use. null if the key has never been used.
expires_atstring (date-time)nullableWhen the key expires and stops authenticating.
null if the key never expires.
revoked_atstring (date-time)nullableWhen the key's revocation takes effect.
A future timestamp means revocation was scheduled (for example, during rotation) and the key continues to authenticate requests until that time. null if the key has not been revoked.
created_atstring (date-time)Creation timestamp.
updated_atstring (date-time)Last updated timestamp.
Responses
Successful response for Create API Key