Skip to content

Create API key API Reference

POST
/tenants/{tenant}/apikeys

Create a new API key for programmatic access. The raw key (prefixed with kupe_) is returned exactly once in the response — store it securely, as it cannot be retrieved again.

API keys authenticate via the standard Authorization: Bearer header. Keys can be scoped to admin or readonly roles and optionally set to expire.

tenant
required
string

Tenant name

API key configuration

object
displayName

Human-readable name for identifying this key

string
Example
CI/CD Pipeline
expiresAt

Optional expiration in RFC3339 format

string
Example
2027-01-01T00:00:00Z
role

Role: admin (read-write) or readonly (read-only)

string
Example
admin

API key created (includes raw key)

object
createdAt
string
Example
2026-03-15T08:00:00Z
createdBy
string
Example
alice@acme.com
displayName
string
Example
CI/CD Pipeline
id
string
Example
ak-a1b2c3d4
key
string
Example
kupe_a1b2c3d4_dGhpcyBpcyBhIHNhbXBsZSBrZXk
role
string
Example
admin

Validation error

object
code
string
error
string
field
string
message
string
severity
string

Missing or invalid authentication

object
code
string
error
string
field
string
message
string
severity
string

Admin access required

object
code
string
error
string
field
string
message
string
severity
string

Rate limit exceeded

object
code
string
error
string
field
string
message
string
severity
string