Create API Key
Create a new API key for programmatic access. The full plaintext key is returned only once—store it securely. Secret keys are hashed (bcrypt) before storage; publishable keys are stored in plaintext. Creating a new publishable key automatically revokes any existing active publishable key in the same environment.
Authorization
bearerAuth Use your secret API key as the bearer token
In: header
Request Body
application/json
A human-readable name for the API key
1 <= length <= 100Type of key. Secret keys (sk_) have full API access and must include 'admin' permission. Publishable keys (pk_) are for client-side use with 'public' permission only.
"secret" | "publishable"Environment for the key
"live""live" | "test"Permission levels. Defaults to ['admin'] for secret keys and ['public'] for publishable keys. Secret keys MUST include 'admin'.
Response Body
application/json
application/json
application/json
curl -X POST "https://api.getlumen.dev/v1/api-keys" \ -H "Content-Type: application/json" \ -d '{ "name": "Production API Key", "keyType": "secret", "environment": "live" }'{
"success": true,
"data": {
"id": "key_abc123xyz",
"merchantId": "merch_def456uvw",
"name": "Production API Key",
"keyType": "secret",
"environment": "live",
"permissions": [
"admin"
],
"keyValue": "sk_live_x7y8z9a1b2c3d4e5f6g7h8i9",
"prefix": "sk_live_x7y8",
"createdAt": "2025-01-15T10:30:00.000Z",
"expiresAt": null,
"revokedAt": null,
"lastUsedAt": null
}
}{
"error": "Bad Request",
"details": "Secret keys must include the 'admin' permission."
}{
"error": "Failed to create API key",
"details": "Database connection timeout"
}