Skip to main content
POST
/
api
/
adm
/
companyProjectKeys
/
generate
Generate New API Key
curl --request POST \
  --url https://localhost:44371/api/adm/companyProjectKeys/generate \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '{}'
{
  "success": true,
  "code": 200,
  "errorMessage": null
}

Description

Generates a new cryptographically secure API key for authenticating requests to the specified project. The generated key is returned in full and unmasked - this is the only time the complete key value will be displayed. Multiple active keys can exist per project to support zero-downtime credential rotation.

Input

  • Body: model (CompanyProjectKeyGenerateCommandRequest, required) — Generation request including:
    • projectId (guid, required) — Project identifier to generate the key for.
    • name (string, optional) — Descriptive name for the key.
    • description (string, optional) — Detailed description of the key’s purpose.
    • isActive (bool, optional) — Active status (default: true).

Output

Returns a CompanyProjectKeyGenerateCommandResponse containing the newly generated key ID and full unmasked key value.

Example Request

POST /api/admin/companyProjectKeys/generate
Content-Type: application/json
Authorization: Bearer {token}

{
  "projectId": "7bc94a21-8833-4d2f-a5e1-9f4b2d8c1e7a",
  "name": "Production API Key",
  "description": "Main production environment key for e-commerce application",
  "isActive": true
}

Example Response

{
  "success": true,
  "code": 200,
  "errorMessage": null,
  "id": "9ef15c43-a955-6f4h-c7g3-1h6d4f0e3g9c",
  "keyValue": "pk_live_4a3b2c1d5e6f7g8h9i0j1k2l3m4n5o6p"
}

Errors

  • 400 Bad Request — Missing required projectId or validation errors.
  • 404 Not Found — No project exists with the specified ID.
  • 401 Unauthorized — Missing or invalid authentication token.
  • 403 Forbidden — User does not have permission to generate keys for this project.

Notes

  • The full unmasked key is ONLY returned in this response; store it securely immediately.
  • After this response, the key value will be masked in all subsequent retrievals.
  • New keys are created in active status by default unless explicitly set to inactive.
  • Multiple active keys per project enable zero-downtime rotation.
  • Use descriptive names to identify keys for different environments or applications.
  • Keys are cryptographically secure random strings and cannot be customized.

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

The generation request containing project ID, optional key name, and description.

Base structure for command requests that modify data. Represents the request used to generate a new company or project key.

companyId
string<guid>

The identifier of the company for which the key is generated.

companyProjectId
string<guid> | null

The identifier of the project associated with the key.

type
enum<string>

The type of key to generate.

Available options:
TransactionRSAKey,
FileContentPGPKey

Response

Always returned. Check the success property in the response body to determine if the operation succeeded.

Standard response structure containing operation status and error information. Standard command response indicating the result of a data modification. Represents the response returned after generating a key.

success
boolean

True if the operation completed successfully; false if an error occurred.

Example:

true

code
enum<string>

Result code indicating the outcome of the operation.

Available options:
Unknown,
Success,
BadRequest,
Unauthorized,
NotFound,
Error
Example:

200

errorMessage
string | null

Human-readable error message when an error occurs.

Example:

null

id
string<guid>

The identifier of the generated key.

publicKey
string | null

The public portion of the generated key.

encryptedPrivateKey
string | null

The encrypted private portion of the generated key.

expirationDate
string<date-time>

The expiration date of the generated key.

type
enum<string>

The type of key that was generated.

Available options:
TransactionRSAKey,
FileContentPGPKey