Skip to main content
POST
/
v2
/
api-keys
Create API Key
curl --request POST \
  --url https://api.tusky.io/v2/api-keys \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "scopes": [
    {}
  ],
  "expiresAt": "<string>"
}
'
{
  "id": "<string>",
  "key": "<string>",
  "name": "<string>",
  "scopes": [
    {}
  ],
  "expiresAt": "<string>",
  "createdAt": "<string>"
}
Create a new API key with specific permission scopes.

Request Body

name
string
required
A descriptive name for the key (e.g., production-backend, ci-pipeline).
scopes
array
required
Permission scopes to grant. See scopes reference below.
expiresAt
string
Optional ISO 8601 expiration date. Key is valid indefinitely if omitted.

Available Scopes

ScopeDescription
environments:readList and retrieve environments
environments:writeCreate, update, delete environments
files:readList, retrieve, and download files
files:writeUpload and delete files
members:readList environment members
members:writeAdd, update, remove members
publishers:readRead publisher configuration
publishers:writeCreate, update, delete publishers
aggregators:readRead aggregator configuration
aggregators:writeUpdate, delete aggregators
secrets:readRead secrets
secrets:writeCreate, update, delete secrets
account:readRead account info and usage

Response

id
string
API key ID.
key
string
The API key value. Only returned once — store it securely.
name
string
Key name.
scopes
array
Granted scopes.
expiresAt
string
Expiration timestamp, or null.
createdAt
string
ISO 8601 creation timestamp.

Example

curl -X POST https://api.tusky.io/v2/api-keys \
  -H "Api-Key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "production-backend",
    "scopes": ["files:read", "files:write", "environments:read"]
  }'

Response

{
  "id": "key_abc123",
  "key": "tsk_live_xK9m2...",
  "name": "production-backend",
  "scopes": ["files:read", "files:write", "environments:read"],
  "expiresAt": null,
  "createdAt": "2026-03-07T14:00:00Z"
}
The key value is only returned in this response. Store it securely — you cannot retrieve it again.