Skip to main content
POST
/
api-keys
Create an API key
curl --request POST \
  --url https://api.questra.ai/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --header 'X-Org-Id: <x-org-id>' \
  --data '
{
  "name": "Production Integration",
  "expires_at": "2026-01-15T12:00:00Z"
}
'
{
  "id": "ak_2xyzABC123",
  "name": "Production Integration",
  "created_at": "2025-01-15T12:00:00Z",
  "expires_at": "2026-01-15T12:00:00Z",
  "revoked": false,
  "expired": false,
  "last_used_at": "2025-06-01T09:30:00Z",
  "secret": "sk_live_abc123..."
}

Documentation Index

Fetch the complete documentation index at: https://docs.questra.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Headers

X-Org-Id
string
required

The ID of the organization to make requests against. Found on your Settings page.

Body

application/json

Body for creating a new API key.

name
string
required

A descriptive label for the key — e.g. the application or environment it will be used in.

Minimum string length: 1
Example:

"Production Integration"

expires_at
string<date-time>

ISO 8601 datetime at which the key should expire. Must be in the future. Omit to create a non-expiring key.

Example:

"2026-01-15T12:00:00Z"

Response

The newly created API key, including its secret.

An API key belonging to the authenticated user.

id
string
required

Unique identifier for the API key.

Example:

"ak_2xyzABC123"

name
string
required

The human-readable label you assigned to the key.

Example:

"Production Integration"

created_at
string<date-time>
required

ISO 8601 timestamp of when the key was created.

Example:

"2025-01-15T12:00:00Z"

expires_at
string<date-time> | null
required

ISO 8601 timestamp of when the key expires, or null if it never expires.

Example:

"2026-01-15T12:00:00Z"

revoked
boolean
required

Whether the key has been manually revoked. Revoked keys cannot authenticate requests.

Example:

false

expired
boolean
required

Whether the key has passed its expires_at date.

Example:

false

last_used_at
string<date-time> | null
required

ISO 8601 timestamp of the most recent request authenticated with this key, or null if it has never been used.

Example:

"2025-06-01T09:30:00Z"

secret
string

The raw secret value. Only returned when the key is first created — it cannot be retrieved again. Store it somewhere safe immediately.

Example:

"sk_live_abc123..."