Skip to main content
POST
/
api-keys
Create API key
curl --request POST \
  --url https://api.surefeedback.com/api/v1/api-keys \
  --header 'Content-Type: application/json' \
  --header 'X-API-Key: <api-key>' \
  --data '
{
  "name": "<string>",
  "abilities": [
    {}
  ],
  "expires_at": "<string>"
}
'
{
  "id": "cc0e8400-e29b-41d4-a716-446655440007",
  "name": "CI Integration",
  "plain_key": "sf_AbCdEfGh1234567890...",
  "abilities": ["comments:read", "sites:read"],
  "is_active": true,
  "expires_at": null,
  "created_at": "2026-03-02T12:00:00Z"
}
Creates a new API key. The plain-text key is returned only once at creation time — store it securely. The server only stores a hashed version.
Copy the plain_key from the response immediately. It cannot be retrieved again.

Request body

name
string
required
Descriptive name for the key. Max 255 characters.
abilities
array
Array of permission scopes. Example: ["comments:read", "comments:write", "sites:read"]. Leave empty for full access.
expires_at
string
ISO 8601 expiry date. Omit for a non-expiring key.

Response

plain_key
string
The full API key prefixed with sf_. Only returned at creation.
{
  "id": "cc0e8400-e29b-41d4-a716-446655440007",
  "name": "CI Integration",
  "plain_key": "sf_AbCdEfGh1234567890...",
  "abilities": ["comments:read", "sites:read"],
  "is_active": true,
  "expires_at": null,
  "created_at": "2026-03-02T12:00:00Z"
}