Overview
Create a new API key for the authenticated user. The key is returned only once in the response - store it securely.
Security:
- API keys are encrypted before storage
- Keys expire after 90 days by default (configurable up to 365 days)
- Track last usage and expiration dates
- Audit logs record all key creation events
Request Body
Number of days until the API key expires
- Minimum: 1 day
- Maximum: 365 days
- Default: 90 days
Response
Unique UUID identifier of the API key
UUID of the organization this key belongs to
The actual API key value. Only returned once during creation. Store this securely.Use this key in the Authorization: Bearer <key> header for API requests.
When the key was created (ISO 8601)
When the key was last modified (ISO 8601)
When the key will expire (ISO 8601)
When the key was last used (ISO 8601). null for newly created keys.
Email address of the user who created the key
Email address of the user who last modified the key
Example Request
curl -X POST https://api.airweave.ai/v1/api-keys \
-H "Authorization: Bearer YOUR_CURRENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"expiration_days": 90
}'
Example Response
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"organization_id": "770e8400-e29b-41d4-a716-446655440001",
"decrypted_key": "awv_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
"created_at": "2024-03-15T10:00:00Z",
"modified_at": "2024-03-15T10:00:00Z",
"expiration_date": "2024-06-13T10:00:00Z",
"last_used_date": null,
"created_by_email": "[email protected]",
"modified_by_email": "[email protected]"
}
Best Practices
- Store keys securely: Never commit API keys to version control
- Rotate regularly: Use the rotate endpoint to refresh keys before expiration
- Monitor usage: Check
last_used_date to identify unused keys
- Delete unused keys: Remove keys that are no longer needed
- Set appropriate expiration: Use shorter expiration periods for production keys
Error Responses
Invalid expiration_days value (must be 1-365)
Missing or invalid authentication