Create API Key
Create a new API key. The full key is returned only once, in this response — store it securely. Only a SHA-256 hash is persisted server-side.
Path Parameters
The project ID.
Request Body
A descriptive name (1–100 chars), e.g. "CI deploy key".
One of full, build, or read.
Optional expiry, 1–365 days. Omit for a non-expiring key.
Example
curl -X POST https://api.syntext.dev/v1/projects/prj_abc123/api-keys \
-H "Authorization: Bearer stx_abc12345_..." \
-H "Content-Type: application/json" \
-d '{
"name": "CI deploy key",
"scope": "build",
"expiresInDays": 90
}'
const key = await client.apiKeys.create('prj_abc123', {
name: 'CI deploy key',
scope: 'build',
expiresInDays: 90,
})
Response — 201 Created
{
"data": {
"id": "key_789",
"name": "CI deploy key",
"key": "stx_a1b2c3d4_9XyZ...fullKeyShownOnlyOnce",
"prefix": "stx_a1b2c3d4",
"scope": "build",
"expiresAt": "2026-10-01T10:00:00Z",
"createdAt": "2026-07-03T10:00:00Z"
}
}
The key field is only returned at creation (and on rotation). If you lose it, rotate the key — it cannot be retrieved.
Key Format
Keys look like stx_{8-char prefix}_{secret}. The prefix is safe to display and log; the full key is a secret.