Skip to main content
POST
http://localhost:3000
/
auth
/
keys
curl -X POST http://localhost:3000/auth/keys \
  -H "Authorization: Bearer $ISOL8_MASTER_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "ci-runner", "tenantId": "team-infra", "ttlMs": 86400000 }'

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "key": "isol8_4f3c8a1b...",
  "name": "ci-runner",
  "keyPrefix": "isol8_4f3c...",
  "tenantId": "team-infra",
  "expiresAt": "2026-03-02T12:00:00.000Z"
}
Creates a new API key in the SQLite-backed key store. The plaintext key is returned only once in the response — store it securely. Requires the master key (the --key flag value). DB-backed auth must be enabled via --auth-db or config.
name
string
required
Human-readable label for this key.
tenantId
string
Tenant identifier for multi-tenant isolation. Defaults to "default".
ttlMs
number
Key lifetime in milliseconds. Defaults to auth.defaultTtlMs from server config.
id
string
Unique key identifier (UUID). Use this for revocation.
key
string
Plaintext API key prefixed with isol8_. Shown only once.
name
string
The label provided at creation.
keyPrefix
string
First 10 characters of the key followed by ... for display purposes.
tenantId
string
Tenant this key belongs to.
expiresAt
string
ISO 8601 expiration timestamp.
curl -X POST http://localhost:3000/auth/keys \
  -H "Authorization: Bearer $ISOL8_MASTER_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "ci-runner", "tenantId": "team-infra", "ttlMs": 86400000 }'

{
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "key": "isol8_4f3c8a1b...",
  "name": "ci-runner",
  "keyPrefix": "isol8_4f3c...",
  "tenantId": "team-infra",
  "expiresAt": "2026-03-02T12:00:00.000Z"
}
The plaintext key is returned only at creation time. It cannot be retrieved later — only the keyPrefix is stored for display.