Skip to main content
POST
/
api
/
keys
Create an API key
curl --request POST \
  --url https://v1.api.altostrat.io/api/keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "Production automation",
  "permissions": [
    "sites:read",
    "scripts:write"
  ]
}
'
{
  "status": "success",
  "data": {
    "message": "API Key created successfully. This is the only time the secret key will be shown.",
    "key": {
      "id": "api_key_2m3h5n7k9j8g7f6e5d4c3b2a",
      "object": "api_key",
      "name": "Production automation",
      "key_prefix": "alto_sk_ab123",
      "client_id": "C3HqXo4o6Yb5Kp0oV9x8",
      "created_at": "2026-04-20T00:00:00Z",
      "status": "active",
      "permissions": [
        "sites:read",
        "scripts:write"
      ],
      "last_used_at": null
    },
    "secret": "alto_sk_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV"
  }
}

Authorizations

Authorization
string
header
required

Authenticate with an SDX user access token that has permission to manage API keys.

Body

application/json
name
string
required

A human-readable key name.

Required string length: 3 - 100
Example:

"Production automation"

permissions
string[]
required

Permission scopes to grant to the key. You can only grant permissions available to your user.

Minimum array length: 1

Response

The API key was created. Save the returned secret immediately.

status
string
Example:

"success"

data
object