Create a 90-day key

const r = await fetch('/api/v1/keys', {
  method: 'POST',
  credentials: 'include',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ name: 'prod-splunk-2026q2', expires_in_days: 90 }),
});
const { data, meta } = await r.json();
console.log(meta.warning);  // "Store this API key securely..."
console.log(`Save: ${data.full_key}`);  // sk_live_... (shown ONCE)

{
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "key_preview": "sk_live_••••••••",
    "tier": "free",
    "scopes": [
      "<string>"
    ],
    "rate_limit_per_minute": 123,
    "rate_limit_per_day": 123,
    "total_requests": 123,
    "last_used_at": "2023-11-07T05:31:56Z",
    "created_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "key": "sk_live_abc123def456..."
  },
  "meta": {
    "warning": "Store this API key securely. It will not be shown again."
  }
}

API Keys

Mint a new API key

Generates a new API key. The full secret is returned exactly once — save it immediately; subsequent reads only return the prefix.

Key naming convention

Use descriptive, deployment-aware names. Good examples:

prod-splunk-2026q2
staging-sentinel
tom-laptop-dev

Bad examples that make audit trails useless:

key1, my key, test

Expiration

Pass expires_in_days for time-bounded keys (recommended for any key handed to a partner or CI system). Omit for keys that never expire. You can revoke at any time via DELETE.

Tier and scopes

Tier inherits from your account subscription (free or pro). Scopes default to your tier’s full set; the response includes them so you know what the key can do.

POST

api

keys

Create a 90-day key

const r = await fetch('/api/v1/keys', {
  method: 'POST',
  credentials: 'include',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ name: 'prod-splunk-2026q2', expires_in_days: 90 }),
});
const { data, meta } = await r.json();
console.log(meta.warning);  // "Store this API key securely..."
console.log(`Save: ${data.full_key}`);  // sk_live_... (shown ONCE)

{
  "data": {
    "id": "3c90c3cc-0d44-4b50-8888-8dd25736052a",
    "name": "<string>",
    "key_preview": "sk_live_••••••••",
    "tier": "free",
    "scopes": [
      "<string>"
    ],
    "rate_limit_per_minute": 123,
    "rate_limit_per_day": 123,
    "total_requests": 123,
    "last_used_at": "2023-11-07T05:31:56Z",
    "created_at": "2023-11-07T05:31:56Z",
    "expires_at": "2023-11-07T05:31:56Z",
    "key": "sk_live_abc123def456..."
  },
  "meta": {
    "warning": "Store this API key securely. It will not be shown again."
  }
}

Authorizations

sb-access-token

string

required

Session cookie (for API key management endpoints)

Body

application/json

name

string

required

A friendly name for this key

Maximum string length: 100

Example:

"Production SIEM Integration"

expires_in_days

integer

Number of days until key expires (optional)

Required range: 1 <= x <= 365

Example:

90

Response

API key created successfully

data

object

Show child attributes

Overview

IOC Endpoints

Articles Endpoints

TAXII 2.1

IOCs

Statistics

Export Formats

Detection Rules

Lookup

API Keys

TAXII

Articles

Mint a new API key

Key naming convention

Expiration

Tier and scopes

Authorizations

Body

Response

Overview

IOC Endpoints

Articles Endpoints

TAXII 2.1

IOCs

Statistics

Export Formats

Detection Rules

Lookup

API Keys

TAXII

Articles

Documentation Index

Authorizations

Body

Response