> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bunship.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Key

> Create a new API key for the organization

Creates a new API key for the organization. The full key value is returned **only once** in this response. Store it securely -- it cannot be retrieved again.

## Auth

<Note>Requires a valid Bearer token. User must be a member of the organization.</Note>

## Path Parameters

<ParamField path="orgId" type="string" required>
  Organization identifier.
</ParamField>

## Request Body

<ParamField body="name" type="string" required>
  Descriptive name for the API key. Between 1 and 100 characters.
</ParamField>

<ParamField body="scopes" type="string[]">
  Array of permission scopes to restrict what the key can access. If omitted or empty, the key has
  full access to all organization resources.
</ParamField>

<ParamField body="rateLimit" type="number">
  Maximum requests per minute for this key. Minimum value of 1.
</ParamField>

<ParamField body="expiresAt" type="string">
  ISO 8601 date-time for when the key should expire. If omitted, the key does not expire.
</ParamField>

## Response

<ResponseField name="success" type="boolean">
  Always `true` on success.
</ResponseField>

<ResponseField name="data" type="object">
  <Expandable title="data properties">
    <ResponseField name="id" type="string">
      API key identifier.
    </ResponseField>

    <ResponseField name="name" type="string">
      Key name.
    </ResponseField>

    <ResponseField name="key" type="string">
      The full API key value. **Only shown once.**
    </ResponseField>

    <ResponseField name="prefix" type="string">
      Key prefix for future identification.
    </ResponseField>

    <ResponseField name="scopes" type="string[]">
      Assigned permission scopes.
    </ResponseField>

    <ResponseField name="rateLimit" type="number | null">
      Requests per minute limit.
    </ResponseField>

    <ResponseField name="expiresAt" type="string | null">
      ISO 8601 expiration timestamp.
    </ResponseField>

    <ResponseField name="createdAt" type="string">
      ISO 8601 creation timestamp.
    </ResponseField>
  </Expandable>
</ResponseField>

<ResponseField name="message" type="string">
  Reminder to save the key.
</ResponseField>

<ResponseExample>
  ```json 200 theme={null}
  {
    "success": true,
    "data": {
      "id": "key_abc123",
      "name": "Production API",
      "key": "bsk_live_abc123def456ghi789jkl012mno345pqr678stu901",
      "prefix": "bsk_live_abc1",
      "scopes": ["members:read", "webhooks:read"],
      "rateLimit": 1000,
      "expiresAt": null,
      "createdAt": "2024-01-15T10:00:00Z"
    },
    "message": "API key created successfully. Save it now - you won't be able to see it again!"
  }
  ```
</ResponseExample>

## Example

```bash theme={null}
curl -X POST https://api.bunship.com/api/v1/organizations/org_cld2abc123def456/api-keys \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIs..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Production API",
    "scopes": ["members:read", "webhooks:read"],
    "rateLimit": 1000
  }'
```
