Generate a new API key + secret key pair
Creates a new API key. The raw key and secret are returned only once and cannot be retrieved later. Store them securely.
Authorizations
User JWT access token issued by POST /api/auth/verify or POST /api/auth/social/verify. Routes that accept both auth modes declare api-key and bearer-jwt security schemes.
Headers
HMAC-SHA256 signature: HMAC-SHA256(secretKey, timestamp + METHOD + path + body). Optional -- when omitted, HMAC verification is skipped.
Request timestamp in epoch milliseconds. Required when x-signature is provided. Rejected if drift exceeds 5 minutes.
Body
OpenAPI schema CreateApiKeyDto.
Human-readable name for the API key
Key type: platform (standard), developer (external agent developers), internal (admin only)
platform, developer, internal Permission scopes. Defaults to all public, non-admin scopes if omitted. admin:* cannot be created through this API.
agents:read, agents:write, trades:read, trades:execute, bots:read, bots:write, marketplace:read, ai:chat, read:tokens, read:trades, read:strategies, write:strategies, read:wallet, write:wallet, read:agents, write:agents, read:ai, write:ai, read:earn, read:notifications, write:notifications, read:analytics, admin:* Expiration date for the key