Skip to main content
POST
/
developers
/
api_keys
Create a new API key
curl --request POST \
  --url https://api.bitgpt.xyz/developers/api_keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "label": "<string>",
  "description": "<string>",
  "scopes": [
    "invoices.create"
  ],
  "ip_allow_list": [
    "<string>"
  ],
  "expires_at": "<string>"
}
'
{
  "status": 200,
  "data": {
    "id": "api_key_0197c0ec-a197-719f-84a9-99270a79b42a",
    "secret": "sk_live_MDE5N2MwZWMtYTE5Ny03NDVlLWE1YmMtYzQyNTQ4M2JiZjAxX2JpdGdwdA",
    "scopes": [
      "products.create"
    ],
    "ip_allow_list": [
      "127.0.0.1"
    ],
    "expires_at": "2026-05-30 20:23:16",
    "created_at": "2025-06-30 15:00:22",
    "updated_at": null
  },
  "error": null,
  "log": null,
  "validator": null,
  "support_id": null,
  "message": "Resource created successfully",
  "env": "development"
}

Authorizations

Authorization
string
header
required

Send your access token as header Authorization: Bearer {accessToken}

Body

application/json

Request body for creating a new API key

label
string
required

Human-readable label for the API key

Maximum string length: 255
description
string

Human-readable description for the API key

scopes
enum<string>[]

List of scopes this API key has access to

Available options:
invoices.create,
invoices.update,
invoices.read,
payments.create,
payments.update,
payments.read,
products.create,
products.read,
products.update,
products.delete,
api_keys.create,
api_keys.update,
api_keys.delete,
api_keys.read,
webhooks.create,
webhooks.read,
webhooks.update,
webhooks.delete,
webhooks_queue.read,
webhooks_queue.update,
notifications.read,
notifications.update,
notifications_settings.read,
notifications_settings.update,
organizations.create,
organizations.read,
organizations.update,
organizations.deactivate,
users.update,
users.deactivate,
users.sessions.read,
users.sessions.deactivate
ip_allow_list
string[]

List of IP addresses allowed to use this API key

expires_at
string<mysql-date-time> | null

Timestamp when the API key expires

Example:

"2025-06-29 16:03:44"

Response

Successful API key creation response

status
enum<integer>
required

Status code of the response

Available options:
200,
201,
202
data
object
required

Response data containing the requested object

Example:
{
  "id": "api_key_0197c0f1-9589-7990-b421-4b806f637b0c",
  "organization_id": "org_0197c0f1-9589-7990-b421-4b806f637b0c",
  "label": "My API Key",
  "description": "Key for accessing product APIs",
  "secret": "sk_live_MDE5N2MwZjEtOTU4OS03N2U0LWJiY2YtNGQ0OWQ4YTM5NzUzX2JpdGdwdA",
  "scopes": ["products.create"],
  "ip_allow_list": ["127.0.0.1"],
  "expires_at": "2026-05-30 20:23:16",
  "created_at": "2025-06-30 15:05:47",
  "updated_at": null,
  "metrics": {
    "api_key_id": "api_key_0197c0f1-9589-7990-b421-4b806f637b0c",
    "total_requests": 150,
    "last_used_at": "2025-06-30 16:03:44"
  }
}
message
string | null
required

Message of the response, human readable

Example:

"Resource created successfully"

env
enum<string>
required

API environment

Available options:
development,
production
error
string | null

Error message of the response, human readable

Example:

"Invalid email address"

log

Useful informaiton, not always present, to debug the response

Examples:
{ "request_id": "req_1234567890" }

"Some pertinent log message"

validator
object

Validator response object, each key is the field name and value is the error message

Example:
{
  "email": "Invalid email address",
  "password": "Password is required"
}
support_id
string<uuid> | null

Support ID linked to the response, used to identify it when talking with our team

Example:

"support_uuidv7-something-else"