> ## Documentation Index
> Fetch the complete documentation index at: https://docs.timbrix.mx/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Key

> Create a new API key for an organization. Plain key is returned only once!

Creates a new API key for programmatic access.

## Permissions

User must be **owner** or **admin**.

## Security

* API keys are prefixed with `sk_`
* Full key value is only shown **once** during creation
* Store the key securely (never commit to git)
* Keys are hashed before storage

## Using API Keys

Include the API key in the `X-API-Key` header:

```bash theme={null}
curl -X GET http://localhost:3001/api/organizations/acme-corp \
  -H "X-API-Key: sk_..."
```

## Example

```bash theme={null}
curl -X POST http://localhost:3001/api/organizations/acme-corp/api-keys \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API Key",
    "description": "Key for production server"
  }'
```

## Best Practices

* Use descriptive names for keys
* Create separate keys for different environments
* Rotate keys regularly
* Revoke unused keys immediately


## OpenAPI

````yaml POST /organizations/{organizationId}/api-keys
openapi: 3.1.0
info:
  title: Timbrix API
  description: >-
    REST API with OAuth2 server for managing organizations, members, and
    webhooks
  version: '1.0'
  contact: {}
servers:
  - url: http://sandbox.mintlify.com
    description: Sandbox environment
  - url: http://localhost:3001/api
    description: Local development
security: []
tags:
  - name: organizations
    description: Organization management endpoints
  - name: oauth
    description: OAuth2 authentication and authorization
  - name: webhooks
    description: Webhook configuration and delivery
  - name: users
    description: User information endpoints
  - name: api-keys
    description: API Keys management and validation
paths:
  /organizations/{organizationId}/api-keys:
    post:
      tags:
        - api-keys
      summary: Create API key
      description: >-
        Create a new API key for an organization. Plain key is returned only
        once!
      operationId: ApiKeysController_create
      parameters:
        - name: organizationId
          required: true
          in: path
          schema:
            type: string
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateApiKeyDto'
      responses:
        '201':
          description: API key created successfully. Save the plain key securely!
        '400':
          description: Invalid input data. Check the validation errors in the response.
        '401':
          description: Authentication required. Provide a valid bearer token.
        '403':
          description: Access denied. Only owners and admins can create API keys.
      security:
        - bearer: []
components:
  schemas:
    CreateApiKeyDto:
      type: object
      properties:
        name:
          type: string
          description: API key name
          example: Production API Key
          minLength: 3
          maxLength: 50
        description:
          type: string
          description: API key description
          example: Used for production server
          maxLength: 200
        scopes:
          type: array
          description: >-
            API key scopes (permissions). Defaults to ['read:user'] if not
            provided
          example:
            - read:user
            - write:webhooks
          items:
            type: string
            enum:
              - read:user
              - write:user
              - read:organization
              - write:organization
              - read:members
              - write:members
              - read:webhooks
              - write:webhooks
              - read:api-keys
              - write:api-keys
        rateLimitPerMinute:
          type: number
          description: Rate limit per minute
          example: 60
          minimum: 1
          maximum: 10000
        rateLimitPerHour:
          type: number
          description: Rate limit per hour
          example: 1000
          minimum: 1
          maximum: 100000
        allowedIps:
          description: Allowed IP addresses (CIDR notation supported)
          example:
            - 192.168.1.1
            - 10.0.0.0/24
          type: array
          items:
            type: string
        expiresAt:
          type: string
          description: Expiration date
          example: '2025-12-31T23:59:59Z'
      required:
        - name
  securitySchemes:
    bearer:
      scheme: bearer
      bearerFormat: JWT
      type: http

````