Skip to main content
POST
/
projects
/
{projectId}
/
api-keys
Create a new API key
curl --request POST \
  --url https://api.engagefabric.com/projects/{projectId}/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Production Mobile App Key",
  "scopes": [
    "events:write",
    "players:read",
    "players:write"
  ],
  "rateLimit": 1000,
  "expiresAt": "2026-12-31T23:59:59Z",
  "metadata": {
    "createdBy": "admin@example.com",
    "purpose": "mobile-app"
  }
}
'
{
  "id": "123e4567-e89b-12d3-a456-426614174000",
  "projectId": "123e4567-e89b-12d3-a456-426614174000",
  "name": "Production Mobile App Key",
  "prefix": "pp_live_",
  "scopes": [
    "events:write",
    "players:read",
    "players:write"
  ],
  "status": "ACTIVE",
  "createdAt": "2025-01-15T10:30:00Z",
  "updatedAt": "2025-01-15T10:30:00Z",
  "key": "pp_live_abc123def456ghi789jkl012mno345pqr678stu901vwx234yz",
  "rateLimit": 1000,
  "expiresAt": "2026-12-31T23:59:59Z",
  "lastUsedAt": "2025-01-15T10:30:00Z",
  "metadata": {
    "createdBy": "admin@example.com"
  },
  "deletedAt": null
}

Authorizations

Authorization
string
header
required

JWT token for admin console authentication

Path Parameters

projectId
string
required

Project UUID

Body

application/json
name
string
required

API key name/description

Required string length: 2 - 255
Example:

"Production Mobile App Key"

scopes
string[]

API key scopes/permissions

Example:
[
  "events:write",
  "players:read",
  "players:write"
]
rateLimit
number

Custom rate limit (requests per minute). If not set, uses project default.

Required range: x >= 1
Example:

1000

expiresAt
string

API key expiration date (ISO 8601)

Example:

"2026-12-31T23:59:59Z"

metadata
object

Additional metadata

Example:
{
  "createdBy": "admin@example.com",
  "purpose": "mobile-app"
}

Response

API key created successfully (plain key shown only once!)

id
string
required

Unique API key identifier

Example:

"123e4567-e89b-12d3-a456-426614174000"

projectId
string
required

Project ID this key belongs to

Example:

"123e4567-e89b-12d3-a456-426614174000"

name
string
required

API key name/description

Example:

"Production Mobile App Key"

prefix
string
required

API key prefix (for identification)

Example:

"pp_live_"

scopes
string[]
required

API key scopes/permissions

Example:
[
  "events:write",
  "players:read",
  "players:write"
]
status
enum<string>
required

API key status

Available options:
ACTIVE,
REVOKED,
EXPIRED
Example:

"ACTIVE"

createdAt
string<date-time>
required

Creation timestamp

Example:

"2025-01-15T10:30:00Z"

updatedAt
string<date-time>
required

Last update timestamp

Example:

"2025-01-15T10:30:00Z"

key
string
required

The actual API key (ONLY shown once during creation, store securely)

Example:

"pp_live_abc123def456ghi789jkl012mno345pqr678stu901vwx234yz"

rateLimit
object

Custom rate limit (requests per minute)

Example:

1000

expiresAt
object

API key expiration date

Example:

"2026-12-31T23:59:59Z"

lastUsedAt
object

Last time this key was used

Example:

"2025-01-15T10:30:00Z"

metadata
object

Additional metadata

Example:
{ "createdBy": "admin@example.com" }
deletedAt
object

Soft deletion timestamp

Example:

null