Last updated on 22nd June 2026

Create API Key via API

This method allows you to create a new API key for the currently authenticated user.

Tip: You can explore and test this endpoint interactively using our OpenAPI documentation.

URL

/security/api_keys

HTTP Method

POST

Supported Parameters

All parameters are wrapped in an api_key key.

  • description - A description for the API key to help identify its purpose (optional)
  • read_only - When true, the key may only call read endpoints; any write request (creating deployments, editing projects, changing account settings, and so on) is rejected. Defaults to false (full access). (optional)

Example cURL Request

curl -H "Content-type: application/json" \
-H "Accept: application/json" \
--user adam@atechmedia.com:my-api-key \
-X POST \
-d '{ \
  "api_key": { \
    "description": "CI/CD Pipeline Key", \
    "read_only": true \
  } \
}' \
https://test.deployhq.com/security/api_keys

Example Response

{
  "api_key": "abc123def456ghi789jkl012mno345pqr678stu901",
  "identifier": "b2c3d4e5-6f78-9012-abcd-ef3456789012",
  "description": "CI/CD Pipeline Key",
  "user_id": 12345,
  "device": null,
  "read_only": true
}

Notes

  • The full api_key value is only shown once in the response when the key is created
  • Make sure to copy and securely store the key immediately after creation
  • If you lose the key value, you will need to revoke it and create a new one
  • You can create multiple API keys with different descriptions to track usage across different integrations
  • A read-only key is useful for integrations that only need to read data, such as monitoring or reporting tools. If a read-only key attempts a write, the API responds with 403 Forbidden and an api_key_read_only error code
  • A key's read-only setting is fixed when it is created and cannot be changed afterwards. To switch between read-only and full access, revoke the key and create a new one