POST /v1/api-keys/{userId}
curl -X POST https://<your-instance>/v1/api-keys/U2026A00001 \
  -H "Cookie: LASID=<session-token>" \
  -H "CTN: <csrf-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "label": "Production Pipeline",
    "expiresAt": "2026-12-31T23:59:59Z"
  }'
{
  "success": true,
  "keyId": "SK2026A00001",
  "keyPrefix": "trvh_sdk_a1b2c3d",
  "label": "Production Pipeline",
  "apiKey": "trvh_sdk_a1b2c3d4e5f6..."
}
Creates a new API key for SDK access. The full plaintext key is returned only once in the response — store it securely.
This is a browser-authenticated endpoint (session cookie + CSRF). Use the Tarvah Settings UI or call it from an authenticated frontend session.

Path Parameters

userId (string, required): The authenticated user’s ID.

Request Headers

CTN (string, required): CSRF token.

Request Body

label (string, required): A human-readable label for the key (e.g., "Production Pipeline", "CI/CD").
targetUserId (string): User ID the key should act as. Defaults to the authenticated user if not provided.
expiresAt (string): ISO 8601 expiration date (e.g., "2026-12-31T23:59:59Z"). If omitted, the key does not expire.
clientId (string): Optional client ID to scope the key to a specific tenant.

Response

success (boolean): Whether the key was created.
keyId (string): The key’s internal ID (e.g., SK2026A00001).
keyPrefix (string): First 16 characters of the key, for display/identification (e.g., trvh_sdk_a1b2c3d).
label (string): The label you provided.
apiKey (string): The full plaintext API key. This is shown only once — store it securely.
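
An added example (not Tarvah's own code) of calling this endpoint from an authenticated frontend session: it always sets expiresAt, since omitting it creates a key that never expires, and it separates the one-time apiKey from the metadata that is safe to log. The function names, the 90-day cap and the way the CSRF token is passed in are assumptions.

```javascript
// Added example, not Tarvah code. MAX_TTL_DAYS is a local policy assumption.
const MAX_TTL_DAYS = 90;

// Build the request body, always setting expiresAt
// (omitting it would create a non-expiring key).
function buildCreateKeyBody(label, ttlDays, now = new Date()) {
  if (typeof label !== "string" || label.trim() === "") {
    throw new Error("label is required");
  }
  if (!Number.isInteger(ttlDays) || ttlDays < 1 || ttlDays > MAX_TTL_DAYS) {
    throw new Error(`ttlDays must be an integer from 1 to ${MAX_TTL_DAYS}`);
  }
  const expires = new Date(now.getTime() + ttlDays * 86400000);
  // Drop milliseconds to match the documented "2026-12-31T23:59:59Z" format.
  const expiresAt = expires.toISOString().replace(/\.\d{3}Z$/, "Z");
  return { label: label.trim(), expiresAt };
}

// Split the response into loggable metadata and the one-time secret.
function splitKeyResponse(resp) {
  if (!resp || resp.success !== true || typeof resp.apiKey !== "string") {
    throw new Error("key creation failed or response carried no apiKey");
  }
  // keyPrefix is documented as the first 16 characters of the key.
  if (resp.apiKey.slice(0, 16) !== resp.keyPrefix) {
    throw new Error("keyPrefix does not match the returned apiKey");
  }
  const metadata = { keyId: resp.keyId, keyPrefix: resp.keyPrefix, label: resp.label };
  return { metadata, secret: resp.apiKey };
}

// Call the endpoint from an authenticated browser session.
async function createApiKey(baseUrl, userId, csrfToken, label, ttlDays) {
  const res = await fetch(`${baseUrl}/v1/api-keys/${encodeURIComponent(userId)}`, {
    method: "POST",
    credentials: "include", // the browser attaches the session cookie
    headers: { "CTN": csrfToken, "Content-Type": "application/json" },
    body: JSON.stringify(buildCreateKeyBody(label, ttlDays)),
  });
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  const { metadata, secret } = splitKeyResponse(await res.json());
  console.info("API key created", metadata); // never log `secret`
  return { metadata, secret }; // caller stores `secret` once, in a secret store
}
```
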