Skip to main content
POST
/
v1
/
agents
/
{agentId}
/
api-keys
Mint a new agent-scoped API key
curl --request POST \
  --url https://{host}/v2/workspaces/slug:agent-factory/webhooks/v1/agents/{agentId}/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "slug": "<string>",
  "permissions": [
    "<string>"
  ]
}
'
{}

Authorizations

Authorization
string
header
required

User-bound credential carrying an identity: either a session JWT or a user access token (at:*) generated from the user settings UI. Send as Authorization: Bearer <token>. Org API keys (iak_*) are not accepted here - they carry no user identity. Use the x-prismeai-api-key header instead (see OrgApiKeyAuth).

Path Parameters

agentId
string
required
Maximum string length: 64

Body

application/json
name
string
required
Maximum string length: 128
slug
string
required
Maximum string length: 96
permissions
string[]
required

Permissions (will be prefixed with agent-factory: server-side).

Minimum array length: 1
Maximum string length: 96
expiresAt
string

ISO timestamp.

Response

API key created (secret returned once).

Result of access-manager.createOrgApiKey - includes the one-time secret.