This method allows you to create a new API key for the currently authenticated user.

**Tip**: You can explore and test this endpoint interactively using our [OpenAPI documentation](https://api.deployhq.com/docs).

## URL

```
/security/api_keys
```

## HTTP Method

```
POST
```

## Supported Parameters

All parameters are wrapped in an `api_key` key.

* `description` - A description for the API key to help identify its purpose (optional)
* `read_only` - When `true`, the key may only call read endpoints; any write request (creating deployments, editing projects, changing account settings, and so on) is rejected. Defaults to `false` (full access). (optional)

## Example cURL Request

```
curl -H "Content-type: application/json" \
-H "Accept: application/json" \
--user adam@atechmedia.com:my-api-key \
-X POST \
-d '{ \
  "api_key": { \
    "description": "CI/CD Pipeline Key", \
    "read_only": true \
  } \
}' \
https://test.deployhq.com/security/api_keys
```

## Example Response

```json
{
  "api_key": "abc123def456ghi789jkl012mno345pqr678stu901",
  "identifier": "b2c3d4e5-6f78-9012-abcd-ef3456789012",
  "description": "CI/CD Pipeline Key",
  "user_id": 12345,
  "device": null,
  "read_only": true
}
```

## Notes

* The full `api_key` value is only shown once in the response when the key is created
* Make sure to copy and securely store the key immediately after creation
* If you lose the key value, you will need to revoke it and create a new one
* You can create multiple API keys with different descriptions to track usage across different integrations
* A read-only key is useful for integrations that only need to read data, such as monitoring or reporting tools. If a read-only key attempts a write, the API responds with `403 Forbidden` and an `api_key_read_only` error code
* A key's read-only setting is fixed when it is created and cannot be changed afterwards. To switch between read-only and full access, revoke the key and create a new one