Create API key
POST /tenants/{tenant}/apikeys
POST
/tenants/{tenant}/apikeys
Create a new API key for programmatic access. The raw key (prefixed with kupe_) is returned
exactly once in the response — store it securely, as it cannot be retrieved again.
API keys authenticate via the standard Authorization: Bearer header.
Keys can be scoped to admin or readonly roles and optionally set to expire.
Authorizations
Section titled “Authorizations ”Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ” tenant
required
string
Tenant name
Request Body
Section titled “Request Body ”API key configuration
object
displayName
Human-readable name for identifying this key
string
Example
CI/CD Pipeline expiresAt
Optional expiration in RFC3339 format
string
Example
2027-01-01T00:00:00Z role
Role: admin (read-write) or readonly (read-only)
string
Example
adminResponses
Section titled “ Responses ”API key created (includes raw key)
object
createdAt
string
Example
2026-03-15T08:00:00Z createdBy
string
Example
alice@acme.com displayName
string
Example
CI/CD Pipeline id
string
Example
ak-a1b2c3d4 key
string
Example
kupe_a1b2c3d4_dGhpcyBpcyBhIHNhbXBsZSBrZXk role
string
Example
adminValidation error
object
error
string
Missing or invalid authentication
object
error
string
Admin access required
object
error
string
Rate limit exceeded
object
error
string