Skip to main content
POST
/
v2
/
orgs
/
{orgSlug}
/
api-keys
Create Org API Key
curl --request POST \
  --url https://api.studio.prisme.ai/v2/orgs/{orgSlug}/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "slug": "<string>",
  "name": "<string>",
  "expiresAt": "2023-11-07T05:31:56Z"
}
'
{
  "id": "<string>",
  "slug": "<string>",
  "apiKey": "<string>",
  "name": "<string>",
  "permissions": [
    "<string>"
  ],
  "scopes": [
    "<string>"
  ],
  "ownerType": "<string>",
  "ownerId": "<string>",
  "expiresAt": "2023-11-07T05:31:56Z"
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Path Parameters

orgSlug
string
required

Body

application/json
slug
string
required

Unique identifier for this API key within the organization

name
string
required
expiresAt
string<date-time>
required
permissions
string[]

Array of permission strings. Convention: {product}:{resource}:{action} Wildcards: Use * at end only (e.g., orgs:* matches orgs:members:manage) Platform permissions: - orgs:* (full org access) - orgs:members:manage, orgs:roles:manage, orgs:manage - orgs:branding:manage, orgs:navigation:manage - orgs:subscriptions:view, orgs:subscriptions:manage - orgs:apikeys:manage, orgs:invites:manage, orgs:join-rules:manage - secure-chat:, store:, knowledge:, builder: - agent-builder:, analytics:view, platform-admin: Custom app permissions: {app-slug}:{resource}:{action} Example: my-crm:contacts:read, my-crm:deals:manage Super admin: ["*"] (matches everything)

scopes
string[]

Optional resource patterns restricting where permissions apply. Format: resourceType:resourceId

ownerType
string

Optional owner type for this API key (e.g. agent, user, app).

ownerId
string

Optional owner ID for this API key.

Response

API key created. The raw key is shown only once.

Returned on create/rotate — raw key shown only once

id
string

Internal role ID

slug
string

Unique slug identifying the API key within the org

apiKey
string

The raw API key (iak_{orgSlug}_{uuid}). Shown only once.

name
string
permissions
string[]

Array of permission strings. Convention: {product}:{resource}:{action} Wildcards: Use * at end only (e.g., orgs:* matches orgs:members:manage) Platform permissions: - orgs:* (full org access) - orgs:members:manage, orgs:roles:manage, orgs:manage - orgs:branding:manage, orgs:navigation:manage - orgs:subscriptions:view, orgs:subscriptions:manage - orgs:apikeys:manage, orgs:invites:manage, orgs:join-rules:manage - secure-chat:, store:, knowledge:, builder: - agent-builder:, analytics:view, platform-admin: Custom app permissions: {app-slug}:{resource}:{action} Example: my-crm:contacts:read, my-crm:deals:manage Super admin: ["*"] (matches everything)

scopes
string[]
ownerType
string

Owner type (e.g. agent, vector_stores). Force-prefixed by the runtime when minted via access-manager.

ownerId
string
expiresAt
string<date-time>