Skip to main content
POST
/
api-auth
/
apps
/
{app_slug}
/
keys
Create API key
curl --request POST \
  --url https://api.wacht.dev/api-auth/apps/{app_slug}/keys \
  --header 'Authorization: <api-key>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Production Key",
  "permissions": [
    "<string>"
  ],
  "metadata": {},
  "expires_at": "2024-12-31T23:59:59Z"
}
'
{
  "id": "1234567890123456789",
  "app_slug": "my-app",
  "deployment_id": "1111111111111111111",
  "name": "Production Key",
  "key_prefix": "wacht_prod",
  "key_suffix": "abcd",
  "permissions": [
    "<string>"
  ],
  "org_role_permissions": [
    "<string>"
  ],
  "workspace_role_permissions": [
    "<string>"
  ],
  "owner_user_id": "<string>",
  "organization_id": "<string>",
  "workspace_id": "<string>",
  "organization_membership_id": "<string>",
  "workspace_membership_id": "<string>",
  "metadata": {},
  "expires_at": "2023-11-07T05:31:56Z",
  "last_used_at": "2023-11-07T05:31:56Z",
  "is_active": true,
  "created_at": "2024-01-15T10:30:00Z",
  "updated_at": "2024-01-15T10:30:00Z",
  "revoked_at": "2023-11-07T05:31:56Z",
  "revoked_reason": "<string>",
  "secret": "<string>"
}

Authorizations

Authorization
string
header
required

API key authentication (format: Bearer {api_key})

Path Parameters

app_name
string
required

API Auth app name

Body

application/json
name
string
required

API key name

Example:

"Production Key"

permissions
string[] | null

Permissions list (defaults to read-only if omitted)

metadata
object

Additional metadata

expires_at
string<date-time> | null

Expiration timestamp

Example:

"2024-12-31T23:59:59Z"

Response

API key created

id
string

Key ID

Example:

"1234567890123456789"

app_slug
string

App slug

Example:

"my-app"

deployment_id
string

Deployment ID

Example:

"1111111111111111111"

name
string

Key name

Example:

"Production Key"

key_prefix
string

Key prefix

Example:

"wacht_prod"

key_suffix
string

Key suffix (last 4 characters)

Example:

"abcd"

permissions
string[]

Granted permissions

org_role_permissions
string[]

Permissions derived from organization roles

workspace_role_permissions
string[]

Permissions derived from workspace roles

owner_user_id
string | null

User ID who owns this key

organization_id
string | null

Organization ID linked to this key

workspace_id
string | null

Workspace ID linked to this key

organization_membership_id
string | null

Organization membership ID linked to this key

workspace_membership_id
string | null

Workspace membership ID linked to this key

metadata
object

Additional metadata

expires_at
string<date-time> | null

Expiration timestamp

last_used_at
string<date-time> | null

Last used timestamp

is_active
boolean

Whether the key is active

Example:

true

created_at
string<date-time>

Creation timestamp

Example:

"2024-01-15T10:30:00Z"

updated_at
string<date-time>

Last update timestamp

Example:

"2024-01-15T10:30:00Z"

revoked_at
string<date-time> | null

Revocation timestamp

revoked_reason
string | null

Reason for revocation

secret
string

Full API key (only shown on creation)