> ## Documentation Index
> Fetch the complete documentation index at: https://docs.danubeai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Key

> Create a new API key with optional resource permissions

## Overview

Creates a new API key for the authenticated user. The plaintext key is returned **only once** in this response -- store it securely.

Optionally restrict the key to specific services, tools, or spending limits using the `permissions` field.

**Auth:** Requires JWT token (`Authorization: Bearer <token>`).

## Body Parameters

<ParamField body="name" type="string" required>
  Display name for the API key (e.g., "Production", "Agent Key")
</ParamField>

<ParamField body="permissions" type="object" optional>
  Optional resource-based permissions. If omitted or null, the key has unrestricted access.

  <Expandable title="Permissions object">
    <ParamField body="allowed_services" type="array" optional>
      Service UUIDs this key can access. `null` = all services.
    </ParamField>

    <ParamField body="allowed_tools" type="array" optional>
      Tool UUIDs this key can access. `null` = all tools.
    </ParamField>

    <ParamField body="max_spend_per_call_cents" type="integer" optional>
      Maximum cost per single tool call in cents.
    </ParamField>

    <ParamField body="max_spend_per_day_cents" type="integer" optional>
      Maximum daily spend for this key in cents.
    </ParamField>
  </Expandable>
</ParamField>

## Response

<ResponseField name="id" type="string">
  API key UUID
</ResponseField>

<ResponseField name="key" type="string">
  The plaintext API key (shown once only -- store securely)
</ResponseField>

<ResponseField name="key_prefix" type="string">
  First 8 characters of the key (for identification)
</ResponseField>

<ResponseField name="name" type="string">
  Display name
</ResponseField>

<ResponseField name="created_at" type="string">
  ISO 8601 creation timestamp
</ResponseField>

<ResponseField name="last_used" type="string">
  Last usage timestamp (null on creation)
</ResponseField>

<ResponseField name="permissions" type="object">
  Resource permissions (null = unrestricted)
</ResponseField>

## Example

<RequestExample>
  ```bash cURL theme={null}
  curl -X POST "https://api.danubeai.com/v1/api-keys" \
    -H "Authorization: Bearer YOUR_JWT_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
      "name": "Production Key",
      "permissions": {
        "allowed_services": ["service_uuid_1"],
        "allowed_tools": null
      }
    }'
  ```

  ```python Python SDK theme={null}
  from danube import DanubeClient

  client = DanubeClient(api_key="dk_...")
  new_key = client.api_keys.create(
      name="Production Key",
      permissions={
          "allowed_services": ["service_uuid_1"],
          "allowed_tools": None,
      }
  )
  print(f"Key: {new_key.key}")  # Store this securely!
  ```

  ```typescript TypeScript SDK theme={null}
  import { DanubeClient } from '@danubeai/sdk';

  const client = new DanubeClient({ apiKey: 'dk_...' });
  const newKey = await client.apiKeys.create({
    name: 'Production Key',
    permissions: {
      allowedServices: ['service_uuid_1'],
      allowedTools: null,
    }
  });
  console.log(`Key: ${newKey.key}`);  // Store this securely!
  ```
</RequestExample>

<ResponseExample>
  ```json theme={null}
  {
    "id": "abc123",
    "key": "dk_new_generated_key_value",
    "key_prefix": "dk_new_g",
    "name": "Production Key",
    "created_at": "2026-02-28T10:00:00Z",
    "last_used": null,
    "permissions": {
      "allowed_services": ["service_uuid_1"],
      "allowed_tools": null
    }
  }
  ```
</ResponseExample>
