Create Key
Endpoint
POST /apiops/projects/{projectName}/keys/
Authentication
Requires a Personal API Access Token.
Header
Authorization: Bearer YOUR_TOKEN
Request
Headers
| Header | Value | Required |
|---|---|---|
| Authorization | Bearer {token} | Yes |
| Content-Type | application/json | Yes |
Path Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| projectName | string | Yes | Project name |
Request Body
The request body should contain a KeyCreateDTO object with the following structure:
{
"name": "my-key",
"description": "Key for API encryption",
"keyType": "PRIVATE_KEY",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "base64-encoded-key-content",
"alias": "my-key-alias"
}
]
}
Request Body Fields
| Field | Type | Required | Description |
|---|---|---|---|
| name | string | Yes | Key name (unique identifier) |
| description | string | No | Key description |
| keyType | string | Yes | Key type: SECRET_KEY, PRIVATE_KEY, or PUBLIC_KEY |
| cryptoKeyInfoEnvironmentList | array[object] | Yes | List of key environments |
Key Environment Object
| Field | Type | Required | Description |
|---|---|---|---|
| environmentName | string | Yes | Environment name where key will be deployed |
| content | string | Yes | Base64-encoded key content |
| alias | string | No | Key alias (optional identifier) |
Notes
- Request Format: This API uses
application/jsoncontent type. Unlike the Certificate API, files are not uploaded viamultipart/form-data. Instead, key content must be base64-encoded and included in the JSON body. namemust be unique within the project- Key is automatically deployed to all specified environments after creation
- Key material must be provided as base64-encoded content in the
contentfield environmentNameis used to identify the environment (notenvironmentId)- To encode a key file to base64, you can use command-line tools like
base64(Linux/Mac) orcertutil -encode(Windows), or any base64 encoding library in your programming language
Response
Success Response (200 OK)
{
"success": true,
"deploymentResult": {
"success": true,
"message": "Deployment completed successfully",
"environmentResults": [
{
"environmentName": "production",
"success": true,
"message": "Deployed successfully"
}
]
}
}
Error Response (400 Bad Request)
{
"error": "bad_request",
"error_description": "Key (name: my-key) is already exist! Try update operation if want to change its value."
}
cURL Example
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-key",
"description": "Key for API encryption",
"keyType": "PRIVATE_KEY",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0t...",
"alias": "my-key-alias"
}
]
}'
Example 2: Create Key with Multiple Environments
curl -X POST \
"https://demo.apinizer.com/apiops/projects/MyProject/keys/" \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "my-key",
"description": "Key for API encryption",
"keyType": "SECRET_KEY",
"cryptoKeyInfoEnvironmentList": [
{
"environmentName": "production",
"content": "base64-encoded-key-content",
"alias": "prod-key-alias"
},
{
"environmentName": "staging",
"content": "base64-encoded-key-content",
"alias": "staging-key-alias"
}
]
}'
Notes and Warnings
-
Key Name:
- Must be unique within the project
- Cannot be changed after creation
-
Key Type:
SECRET_KEY: Symmetric key (AES, DES, DESede)PRIVATE_KEY: Asymmetric private key (RSA)PUBLIC_KEY: Asymmetric public key (RSA)
-
Environment Name:
- Use
environmentName(notenvironmentId) to specify the environment - Environment name must exist and be accessible
- Use
-
Key Content:
- Must be base64-encoded and included in the JSON body (not uploaded as a file)
- For private/public keys, include the full key material (PEM format)
- Example: Read your key file and encode it to base64:
base64 -i private-key.pem(Linux/Mac) orcertutil -encode private-key.pem temp.txt && type temp.txt(Windows) - Content is encrypted before storage
- Note: This API uses JSON body format. If you need to upload a file directly, consider using the Certificate API which supports
multipart/form-data
-
Automatic Deployment:
- Key is automatically deployed to all specified environments after creation
- Deployment results are returned in the response
Permissions
User must have SECRETS + MANAGE permission in the project. For deployment operations (when deploying keys to environments), user must also have SECRETS + DEPLOY_UNDEPLOY permission.
Related Documentation
- List Keys - List all keys
- Update Key - Update a key