> ## Documentation Index
> Fetch the complete documentation index at: https://velt-v6-0-0-beta-3.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API Key

Use this API to create a new API key for a workspace.

<Info>
  This endpoint uses **workspace-level auth**: pass `x-velt-workspace-id` and `x-velt-workspace-auth-token` (from the Create Workspace response) as headers.
</Info>

<Note>
  Creating a **`production`** API key is gated. The workspace must be explicitly enabled for self‑serve production key creation and must already be on a paid plan. See [Production API Keys](#production-api-keys) below.
</Note>

# Endpoint

`POST https://api.velt.dev/v2/workspace/apikey/create`

# Headers

<ParamField header="x-velt-workspace-id" type="string" required>
  Your Workspace ID.
</ParamField>

<ParamField header="x-velt-workspace-auth-token" type="string" required>
  Your workspace [Auth Token](/security/auth-tokens).
</ParamField>

# Body

#### Params

<ParamField body="data" type="object" required>
  <Expandable title="properties">
    <ParamField body="ownerEmail" type="string" required>
      Email address of the API key owner. Must be a valid email.
    </ParamField>

    <ParamField body="type" type="string" required>
      API key type. Accepted values: `"testing"` or `"production"`.
    </ParamField>

    <ParamField body="persistenceDBRegion" type="string">
      Provide this only for type: `"production"`. Accepts any supported region from [Supported Regions](/security/supported-regions).
    </ParamField>

    <ParamField body="createAuthToken" type="boolean">
      Whether to create an auth token along with the API key. Recommended: `true`.
    </ParamField>

    <ParamField body="apiKeyName" type="string">
      Display name for the API key.
    </ParamField>

    <ParamField body="allowedDomains" type="string[]">
      List of domains allowed to use this API key.
    </ParamField>

    <ParamField body="addLocalHostToAllowedDomains" type="boolean">
      Whether to automatically add localhost to allowed domains.
    </ParamField>

    <ParamField body="useEmailService" type="boolean">
      Whether to enable the email service for this API key.
    </ParamField>

    <ParamField body="useWebhookService" type="boolean">
      Whether to enable the webhook service for this API key.
    </ParamField>

    <ParamField body="useNotificationService" type="boolean">
      Whether to enable the in‑app notification service for this API key.
    </ParamField>

    <ParamField body="setDefaultNotificationTriggers" type="boolean">
      Seed the default notification triggers when enabling the notification service.
    </ParamField>

    <ParamField body="setDefaultEmailTriggers" type="boolean">
      Seed the default email triggers when enabling the email service.
    </ParamField>

    <ParamField body="requireAutoOrgUser" type="boolean">
      Require auto‑creation of the organization user.
    </ParamField>

    <ParamField body="enablePrivateComments" type="boolean">
      Initial value for the workspace‑scoped private comments feature flag. Defaults to `false` when omitted.
    </ParamField>

    <ParamField body="emailServiceConfig" type="object">
      Configuration object for the email service. See [Update Email Config](/api-reference/rest-apis/v2/workspace/emailconfig-update) for the full schema.

      <Expandable title="properties">
        <ParamField body="type" type="string">
          Email service provider type. Accepted values: `"default"` or `"sendgrid"`.
        </ParamField>

        <ParamField body="apiKey" type="string">
          API key for the email service provider (e.g., your SendGrid API key).
        </ParamField>

        <ParamField body="fromEmail" type="string">
          Sender email address.
        </ParamField>

        <ParamField body="fromCompany" type="string">
          Sender company name.
        </ParamField>

        <ParamField body="commentTemplateId" type="string">
          SendGrid template ID for comment notification emails.
        </ParamField>

        <ParamField body="tagTemplateId" type="string">
          SendGrid template ID for tag/mention notification emails.
        </ParamField>
      </Expandable>
    </ParamField>

    <ParamField body="webhookServiceConfig" type="object">
      Configuration object for the webhook service. See [Update Webhook Config](/api-reference/rest-apis/v2/workspace/webhookconfig-update) for the full schema.

      <Expandable title="properties">
        <ParamField body="authToken" type="string">
          Auth token sent with each webhook request for verification.
        </ParamField>

        <ParamField body="rawNotificationUrl" type="string">
          URL to receive raw (unprocessed) webhook notifications.
        </ParamField>

        <ParamField body="processedNotificationUrl" type="string">
          URL to receive processed webhook notifications.
        </ParamField>
      </Expandable>
    </ParamField>
  </Expandable>
</ParamField>

# Example Request

#### Testing key

```JSON theme={null}
{
  "data": {
    "ownerEmail": "owner@example.com",
    "type": "testing",
    "createAuthToken": true
  }
}
```

#### Production key (default North America region)

```JSON theme={null}
{
  "data": {
    "ownerEmail": "owner@example.com",
    "type": "production",
    "apiKeyName": "Production Key",
    "createAuthToken": true
  }
}
```

#### Production key with region selection (Europe)

```JSON theme={null}
{
  "data": {
    "ownerEmail": "owner@example.com",
    "type": "production",
    "apiKeyName": "EU Production Key",
    "persistenceDBRegion": "eur3",
    "realtimeDBRegion": "europe-west1",
    "createAuthToken": true
  }
}
```

# Example Response

#### Success Response

```JSON theme={null}
{
  "result": {
    "status": "success",
    "message": "API key created successfully.",
    "data": {
      "apiKey": "your_new_api_key"
    }
  }
}
```

#### Failure Response

```JSON theme={null}
{
  "error": {
    "status": "INVALID_ARGUMENT",
    "message": "ownerEmail is required."
  }
}
```

# Errors

| Status                | When                                                                                                                                       |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------ |
| `INVALID_ARGUMENT`    | Missing/invalid `ownerEmail` or `type`, or an unsupported `persistenceDBRegion` / `realtimeDBRegion` (including an explicit empty string). |
| `PERMISSION_DENIED`   | Invalid workspace credentials, or the workspace is not allowed to create production API keys.                                              |
| `FAILED_PRECONDITION` | Creating a production key but the workspace has not been upgraded to a paid plan.                                                          |
| `RESOURCE_EXHAUSTED`  | The workspace has reached its maximum number of production API keys.                                                                       |

<ResponseExample>
  ```js theme={null}
  {
    "result": {
      "status": "success",
      "message": "API key created successfully.",
      "data": {
        "apiKey": "your_new_api_key"
      }
    }
  }
  ```
</ResponseExample>
