Create a new API key for a user.
REQUIRED: Bearer token authentication using your API key. Format: 'Bearer sk_xxxxxxxxxxxxx'. You can create API keys in the Mixpeek dashboard under Organization Settings.
"Bearer YOUR_API_KEY"
"Bearer YOUR_STRIPE_API_KEY"
Payload for creating a new API key.
Human-friendly key label shown in dashboards.
1 - 100
Optional description explaining the key's purpose.
500
Set of permissions granted to the API key. Defaults to full read/write/delete access. Restrict explicitly when creating scoped keys.
Simplified API key permissions.
This four-value enum replaces the legacy 16-permission model. Keep usage simple: prefer the least privileged option that satisfies the workflow.
Hierarchy (strongest -> weakest): ADMIN > DELETE > WRITE > READ.
read, write, delete, admin
Optional resource scope restrictions applied to the key.
Per-key requests-per-minute override (defaults to plan limit when absent).
x >= 1
Optional UTC timestamp when the key automatically expires.
End-user identifier for document-level ACL. When set, the key becomes user-scoped and all document reads are automatically filtered to documents the principal has access to. This represents an end-user in your application, NOT an org user.
Successful Response
API key response including the plaintext secret.
SHA-256 hash of the plaintext key.
Organization internal identifier.
Identifier of the user who owns the key.
Human-friendly key label.
Public identifier for the API key.
Visible prefix of the API key for user identification (e.g., 'sk_abc123...'). Shows the first 10 characters of the plaintext key to help users identify which key is which in lists, without exposing the full secret. This follows industry best practices from GitHub, Stripe, and AWS. Generated automatically for new keys. Older keys may not have this field.
10 - 13
"sk_abc123..."
Type of API key. STANDARD for regular organization keys, MARKETPLACE_SUBSCRIPTION for marketplace subscription access tokens.
standard, marketplace_subscription, retriever, user_scoped, session
Marketplace subscription ID if this is a marketplace subscription key. Only set when key_type is MARKETPLACE_SUBSCRIPTION.
Organization public identifier (denormalized).
Optional description explaining the key usage.
Permissions granted to the key.
Simplified API key permissions.
This four-value enum replaces the legacy 16-permission model. Keep usage simple: prefer the least privileged option that satisfies the workflow.
Hierarchy (strongest -> weakest): ADMIN > DELETE > WRITE > READ.
read, write, delete, admin
Resource-level scopes restricting the key.
Optional per-key rate limit override in requests per minute.
Lifecycle status of the key (active, revoked, expired).
active, revoked, expired
UTC timestamp when the key automatically expires.
UTC timestamp of the last successful request using the key.
UTC timestamp when the key was created.
User identifier that created the key.
UTC timestamp when the key was revoked (if applicable).
User identifier that revoked the key (if applicable).
Optional list of allowed HTTP origins for this API key. When set, requests must include an Origin header matching one of these values. Supports exact matches (e.g., 'https://docs.example.com') and wildcard subdomains (e.g., 'https://*.example.com'). Only enforced for browser requests (defense-in-depth, not a security boundary). Null means no origin restriction.
[
"https://docs.example.com",
"https://*.example.com"
]
End-user identifier for document-level ACL (row-level security). When set, this key is user-scoped: all document reads are automatically filtered to documents the principal owns or has been granted access to. This represents an end-user in your application, NOT an org user.
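The allowed-origins rule described above (exact matches plus wildcard subdomains), written out as an added example; this is not Mixpeek's code. It assumes `*.` covers any subdomain depth but not the bare domain, and that scheme and port must match as well; `parse_origin` and `origin_allowed` are hypothetical names.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

# Allow-list values taken from the example on this page.
ALLOWED = ["https://docs.example.com", "https://*.example.com"]


def parse_origin(value):
    """Return (scheme, host, port) for an origin or pattern, or None if malformed."""
    try:
        u = urlsplit(value)
        port = u.port if u.port is not None else DEFAULT_PORT.get(u.scheme)
    except ValueError:  # non-numeric or out-of-range port
        return None
    # A serialized origin has no path, query, fragment or userinfo.
    if u.scheme not in DEFAULT_PORT or not u.hostname:
        return None
    if u.path or u.query or u.fragment or u.username:
        return None
    return u.scheme, u.hostname, port  # hostname is already lower-cased


def origin_allowed(origin, allowed_origins):
    """Check an Origin header value against a key's allow-list.

    The Origin header is supplied by the client, so this narrows where a
    browser may use the key; it does not authenticate the caller (the page
    calls it defense-in-depth, not a security boundary).
    """
    if allowed_origins is None:  # null means no origin restriction
        return True
    got = parse_origin(origin)
    if got is None:  # e.g. the opaque origin "null"
        return False
    for pattern in allowed_origins:
        want = parse_origin(pattern)
        if want is None or (got[0], got[2]) != (want[0], want[2]):
            continue  # scheme and port are compared exactly
        if want[1].startswith("*."):
            suffix = want[1][1:]  # ".example.com", leading dot kept on purpose
            # The dot stops "evilexample.com"; the length check excludes the apex.
            if got[1].endswith(suffix) and len(got[1]) > len(suffix):
                return True
        elif got[1] == want[1]:
            return True
    return False
```

Comparing parsed hosts against a suffix that keeps its leading dot is what rejects look-alike origins such as `https://evilexample.com` and `https://example.com.attacker.test`.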