Skip to main content
POST
/
v1
/
organizations
/
users
/
{user_email}
/
api-keys
Create Api Key
curl --request POST \
  --url https://api.mixpeek.com/v1/organizations/users/{user_email}/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{
  "description": "Service account for ingestion pipeline",
  "name": "backend-service",
  "permissions": [
    "read",
    "write"
  ],
  "rate_limit_override": 120
}'
{
  "created_at": "2025-01-01T00:00:00Z",
  "created_by": "usr_admin",
  "description": "Service account for ingestion",
  "internal_id": "int_x1y2z3",
  "key_hash": "2c26b46b68ffc68ff99b453c1d304134",
  "key_id": "key_a1b2c3d4e5f6g7h",
  "name": "backend-service",
  "organization_id": "org_demo123",
  "permissions": [
    "read",
    "write"
  ],
  "scopes": [],
  "status": "active",
  "user_id": "usr_a1b2c3d4e5f6g7h"
}

Authorizations

Authorization
string
header
required

Bearer token authentication using your API key. Format: 'Bearer your_api_key'. To get an API key, create an account at mixpeek.com/start and generate a key in your account settings.

Headers

Authorization
string
required

REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.

Examples:

"Bearer sk_live_abc123def456"

"Bearer sk_test_xyz789"

Path Parameters

user_email
string
required

Body

application/json

Payload for creating a new API key.

name
string
required

Human-friendly key label shown in dashboards.

Required string length: 1 - 100
description
string | null

Optional description explaining the key's purpose.

Maximum length: 500
permissions
enum<string>[]

Set of permissions granted to the API key (least privilege).

scopes
ResourceScope · object[] | null

Optional resource scope restrictions applied to the key.

rate_limit_override
integer | null

Per-key requests-per-minute override (defaults to plan limit when absent).

Required range: x >= 1
expires_at
string<date-time> | null

Optional UTC timestamp when the key automatically expires.

Response

Successful Response

API key response including the plaintext secret.

key_hash
string
required

SHA-256 hash of the plaintext key.

internal_id
string
required

Organization internal identifier.

user_id
string
required

Identifier of the user who owns the key.

name
string
required

Human-friendly key label.

key
string
required
key_id
string

Public identifier for the API key.

organization_id
string | null

Organization public identifier (denormalized).

description
string
default:""

Optional description explaining the key usage.

permissions
enum<string>[]

Permissions granted to the key (least privilege recommended).

scopes
ResourceScope · object[]

Resource-level scopes restricting the key.

rate_limit_override
integer | null

Optional per-key rate limit override in requests per minute.

status
enum<string>

Lifecycle status of the key (active, revoked, expired).

Available options:
active,
revoked,
expired
expires_at
string<date-time> | null

UTC timestamp when the key automatically expires.

last_used_at
string<date-time> | null

UTC timestamp of the last successful request using the key.

created_at
string<date-time>

UTC timestamp when the key was created.

created_by
string | null

User identifier that created the key.

revoked_at
string<date-time> | null

UTC timestamp when the key was revoked (if applicable).

revoked_by
string | null

User identifier that revoked the key (if applicable).