Skip to main content
POST
/
auth
/
api_key
Create access token
curl -X POST http://localhost:6573/auth/api_key \
  -H "Content-Type: application/json" \
  -H 'Authorization: Bearer <admin-jwt-or-access-token>' \
  -d '{
    "name": "reader-admin-token",
    "description": "Used by the analytics dashboard to run read-only admin checks.",
    "will_expire": true,
    "expires_in_seconds": 86400,
    "permission": "read,admin"
  }'
{
  "id": 12,
  "name": "reader-admin-token",
  "description": "Used by the analytics dashboard to run read-only admin checks.",
  "api_key": "vdai_<newly-generated-token>",
  "created_at": "2026-04-02T08:30:00Z",
  "expired_at": "2026-04-03T08:30:00Z",
  "will_expire": true,
  "permission": "read,admin"
}

Authorizations

Authorization
string
header
required

Admin JWT obtained from the login endpoint.

Headers

Authorization
string
required

Admin JWT or admin access token. Format Bearer <admin-jwt-or-access-token>.

Body

application/json
name
string
required

Human-readable name for the token.

permission
string
required

Comma-separated permission names. Valid values are read, write, admin, or any combination.

Example:

"read,admin"

description
string

Optional description of the token's intended use.

will_expire
boolean
default:false

Whether the token expires. When false, the token is valid indefinitely.

expires_in_seconds
integer

Number of seconds until the token expires. Only applies when will_expire is true.

Response

Token created successfully.

id
integer

Unique identifier for the access token.

name
string

Human-readable name for the token.

description
string

Description of the token's intended use.

api_key
string

The raw API key value. Store this securely, as it cannot be retrieved after creation.

created_at
string<date-time>

Timestamp when the token was created, in RFC 3339 UTC format.

expired_at
string<date-time> | null

Timestamp when the token expires, in RFC 3339 UTC format. null when will_expire is false.

will_expire
boolean

Whether the token has an expiration date.

permission
string

Comma-separated permission names assigned to the token.