Create an API key
Mints a new API key and returns the plaintext token once — it is stored hashed and can never be retrieved again, so capture it on creation.
Mints a new API key and returns the plaintext token once — it is stored hashed and can never be retrieved again, so capture it on creation.
Only type is required. env is required for server and client keys (the key is bound to one environment, which is the read-env isolation boundary); for admin and ops keys env is ignored and the key is pinned to prod. Expiry is fixed for some types: admin keys always get a 90-day expiry and ops keys a short sliding window, regardless of expiresInDays. Only server/client keys count toward the plan key limit.
- Back-end key —
{ "type": "server", "env": "prod" }for the production server SDK. - Public browser key —
{ "type": "client", "env": "prod", "name": "marketing site" }to embed in the browser SDK. - Scoped, expiring key —
{ "type": "server", "env": "staging", "scopes": ["gates:evaluate"], "expiresInDays": 30 }for a time-boxed integration.
Authorization
bearerSdkKey Pass an admin SDK key as Authorization: Bearer sdk_admin_…. Mint via POST /api/admin/keys with type: "admin".
In: header
Header Parameters
Project the request operates on. Optional — defaults to the project the SDK key belongs to; pass it only to scope a multi-project key (the generated client sets it once from its configuration, so per-call callers never thread it).
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
application/json
application/json
application/json
application/json
application/json
curl -X POST "https://shipeasy.ai/api/admin/keys" \ -H "Content-Type: application/json" \ -d '{ "type": "server", "env": "prod", "name": "production back-end" }'{
"id": "3f2a9b1c-7d4e-4a8f-9c2b-1e5d6f7a8b90",
"type": "server",
"env": "prod",
"key": "sdk_server_9c1f4f1f2c0c4a5fa1c2b6d3e7c8e3a1",
"expires_at": null
}{
"error": "Malformed request (bad JSON, missing project scope).",
"code": "BAD_REQUEST"
}{
"error": "Missing or invalid admin SDK key.",
"code": "UNAUTHORIZED"
}{
"error": "Key is valid but not allowed to act on this project.",
"code": "FORBIDDEN"
}{
"error": "The resource does not exist or is not visible to the caller.",
"code": "NOT_FOUND"
}{
"error": "A resource with this name already exists in the project.",
"code": "ALREADY_EXISTS"
}{
"error": "The request body failed structural (schema) validation.",
"code": "VALIDATION"
}