Skip to main content
POST
/
api
/
adm
/
companyProjectKeys
/
generate
Generate New API Key
curl --request POST \
  --url https://localhost:44371/api/adm/companyProjectKeys/generate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Generates a new cryptographically secure API key for authenticating requests to the specified project. The generated key is returned in full and unmasked - this is the only time the complete key value will be displayed. Multiple active keys can exist per project to support zero-downtime credential rotation.

Input

  • Body: model (CompanyProjectKeyGenerateCommandRequest, required) — Generation request including:
    • projectId (guid, required) — Project identifier to generate the key for.
    • name (string, optional) — Descriptive name for the key.
    • description (string, optional) — Detailed description of the key’s purpose.
    • isActive (bool, optional) — Active status (default: true).

Output

Returns a CompanyProjectKeyGenerateCommandResponse containing the newly generated key ID and full unmasked key value.

Example Request

POST /api/admin/companyProjectKeys/generate
Content-Type: application/json
Authorization: Bearer {token}

{
  "projectId": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a",
  "name": "Production API Key",
  "description": "Main production environment key for e-commerce application",
  "isActive": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "9ef15c43-a955-6f4h-c7g3-1h6d4f0e3g9c",
  "keyValue": "pk_live_4a3b2c1d5e6f7g8h9i0j1k2l3m4n5o6p"
}

Errors

  • 400 Bad Request — Missing required projectId or validation errors.
  • 404 Not Found — No project exists with the specified ID.
  • 401 Unauthorized — Missing or invalid authentication token.
  • 403 Forbidden — User does not have permission to generate keys for this project.

Notes

  • The full unmasked key is ONLY returned in this response; store it securely immediately.
  • After this response, the key value will be masked in all subsequent retrievals.
  • New keys are created in active status by default unless explicitly set to inactive.
  • Multiple active keys per project enable zero-downtime rotation.
  • Use descriptive names to identify keys for different environments or applications.
  • Keys are cryptographically secure random strings and cannot be customized.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

The generation request containing project ID, optional key name, and description.

Represents the request used to generate a new company or project key.

companyId
string<guid>

The identifier of the company for which the key is generated.

companyProjectId
string<guid> | null

The identifier of the project associated with the key.

type
enum<string>

The type of key to generate.

Available options:
TransactionRSAKey,
FileContentPGPKey

Response

Always returned. Check the success property in the response body to determine if the operation succeeded.

Represents the response returned after generating a key.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

The identifier of the generated key.

publicKey
string | null

The public portion of the generated key.

encryptedPrivateKey
string | null

The encrypted private portion of the generated key.

expirationDate
string<date-time>

The expiration date of the generated key.

type
enum<string>

The type of key that was generated.

Available options:
TransactionRSAKey,
FileContentPGPKey