Create API Key

Generate a new API key for programmatic workspace access.

Use Cases:

• Set up server-side integrations with your application
• Create separate keys for different environments (dev, staging, production)
• Generate keys with specific scopes for third-party integrations
• Replace compromised or leaked API keys

Behavior:

• Returns the full API key ONLY on creation (starts with 'kb_')
• Key is securely hashed before storage - cannot be retrieved again
• Keys are scoped to specific permissions you define
• Each key can have a custom name for identification
• Keys remain active until explicitly revoked
• No limit on number of active keys per workspace

Required Scope: This endpoint requires session authentication (not API key)

Security Best Practices:

• Store the returned key securely immediately
• Never commit keys to version control
• Use environment variables for key storage
• Rotate keys periodically (recommended: every 90 days)
• Use minimum required scopes for each key
• Revoke unused keys immediately

Note: You cannot view the full key value after creation. If lost, generate a new key and update your integrations.