Create a key
Create a new key.
Changelog
| Date | Changes |
|---|---|
| Dec 06 2023 | Introduced endpoint |
Authorizations
Bearer authentication header of the form Bearer <token>, where <token> is your auth token.
Body
Choose an API where this key should be created.
To make it easier for your users to understand which product an api key belongs to, you can add prefix them.
For example Stripe famously prefixes their customer ids with cus_ or their api keys with sk_live_.
The underscore is automatically added if you are defining a prefix, for example: "prefix": "abc" will result in a key like abc_xxxxxxxxx
The name for your Key. This is not customer facing.
The byte length used to generate your key determines its entropy as well as its length. Higher is better, but keys become longer and more annoying to handle. The default is 16 bytes, or 2^^128 possible combinations.
Deprecated, use externalId
Your user's Id. This will provide a link between Unkey and your customer record. When validating a key, we will return this back to you, so you can clearly identify your user from their api key.
This is a place for dynamic meta data, anything that feels useful for you should go here
A list of roles that this key should have. If the role does not exist, an error is thrown
A list of permissions that this key should have. If the permission does not exist, an error is thrown
You can auto expire keys by providing a unix timestamp in milliseconds. Once Keys expire they will automatically be disabled and are no longer valid unless you enable them again.
You can limit the number of requests a key can make. Once a key reaches 0 remaining requests, it will automatically be disabled and is no longer valid unless you update it.
Unkey enables you to refill verifications for each key at regular intervals.
Unkey comes with per-key fixed-window ratelimiting out of the box.
Sets if key is enabled or disabled. Disabled keys are not valid.
You may want to show keys again later. While we do not recommend this, we leave this option open for you.
In addition to storing the key's hash, recoverable keys are stored in an encrypted vault, allowing you to retrieve and display the plaintext later.
https://www.unkey.com/docs/security/recovering-keys for more information.
Environments allow you to divide your keyspace.
Some applications like Stripe, Clerk, WorkOS and others have a concept of "live" and "test" keys to give the developer a way to develop their own application without the risk of modifying real world resources.
When you set an environment, we will return it back to you when validating the key, so you can handle it correctly.
Response
The id of the key. This is not a secret and can be stored as a reference if you wish. You need the keyId to update or delete a key later.
The newly created api key, do not store this on your own system but pass it along to your user.
Was this page helpful?