Reten Docs

Create API Key

Generate a new API key with scoped permissions for programmatic access.

POST /api/api-keys

Create a new API key for the authenticated user in the active tenant. The plaintext key is returned only once in the response — store it securely.

Auth: Required — MANAGE_API_KEYS permission

Request Body

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| name | string | Yes | Human-readable label for the key (max 255 characters) |
| permissions | string[] | Yes | List of permission names to grant (minimum 1). Must be a subset of the creator's own permissions |
| expiresAt | string | No | ISO 8601 expiration date. Key is automatically rejected after this date |

Example

cURL

curl -X POST https://api.reten.ai/api/api-keys \
  -H "Authorization: Bearer <token>" \
  -H "x-tenant-id: <tenant-id>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "CI/CD Pipeline Key",
    "permissions": ["manage_commerces", "view_activities"],
    "expiresAt": "2026-12-31T23:59:59Z"
  }'

JavaScript

const response = await fetch("https://api.reten.ai/api/api-keys", {
  method: "POST",
  headers: {
    "Authorization": "Bearer <token>",
    "x-tenant-id": "<tenant-id>",
    "Content-Type": "application/json",
  },
  body: JSON.stringify({
    name: "CI/CD Pipeline Key",
    permissions: ["manage_commerces", "view_activities"],
    expiresAt: "2026-12-31T23:59:59Z",
  }),
});
const data = await response.json();
const plaintextKey = data.plaintextKey; // Store securely — returned only once

Python

import requests

response = requests.post(
    "https://api.reten.ai/api/api-keys",
    headers={
        "Authorization": "Bearer <token>",
        "x-tenant-id": "<tenant-id>",
    },
    json={
        "name": "CI/CD Pipeline Key",
        "permissions": ["manage_commerces", "view_activities"],
        "expiresAt": "2026-12-31T23:59:59Z",
    },
)
data = response.json()
plaintext_key = data["plaintextKey"]  # Store securely — returned only once

Response 201 Created

{
  "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "name": "CI/CD Pipeline Key",
  "keyPrefix": "rtn_sk_a1b2c3d4",
  "plaintextKey": "rtn_sk_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8",
  "userId": "550e8400-e29b-41d4-a716-446655440000",
  "tenantId": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "isActive": true,
  "permissions": ["manage_commerces", "view_activities"],
  "expiresAt": "2026-12-31T23:59:59.000Z",
  "lastUsedAt": null,
  "createdAt": "2026-02-26T14:30:00.000Z",
  "revokedAt": null
}

The plaintextKey field is only included in the creation response. It cannot be retrieved again — if lost, revoke the key and create a new one.

Error Responses

| Status | Description |
| --- | --- |
| 400 | Validation error — missing fields, empty permissions array, or invalid permission names |
| 401 | Missing or invalid authentication token |
| 403 | Requested permissions are not a subset of the creator's own permissions |
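
The following is an added example, not part of the Reten documentation or any Reten SDK. It applies the documented request rules locally before sending (name length, non-empty permissions, subset of the creator's permissions, an explicit expiry) and handles the one-time plaintextKey by writing it to a new owner-only file while returning only log-safe metadata. The function names, the ttl_days default, the file path and the way the creator's permissions are supplied are assumptions.

```python
import os
import tempfile
from datetime import datetime, timedelta, timezone


def build_key_request(name, permissions, creator_permissions, ttl_days=30):
    """Validate locally against the documented rules and return the JSON body."""
    if not name or len(name) > 255:
        raise ValueError("name must be 1-255 characters")
    if not permissions:
        raise ValueError("at least one permission is required")
    extra = sorted(set(permissions) - set(creator_permissions))
    if extra:  # the API documents a 403 for permissions the creator lacks
        raise PermissionError(f"not held by creator: {extra}")
    expires = datetime.now(timezone.utc) + timedelta(days=ttl_days)
    return {
        "name": name,
        "permissions": sorted(set(permissions)),
        "expiresAt": expires.strftime("%Y-%m-%dT%H:%M:%SZ"),
    }


def store_key_once(created, path):
    """Write plaintextKey to a new owner-only file; return log-safe metadata."""
    secret = created["plaintextKey"]
    if not secret.startswith(created["keyPrefix"]):
        raise ValueError("plaintextKey does not match keyPrefix")
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it owner-only.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(secret)
    return {k: v for k, v in created.items() if k != "plaintextKey"}


# Constructed input: a subset of the sample 201 body shown on this page.
SAMPLE_201 = {
    "id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
    "keyPrefix": "rtn_sk_a1b2c3d4",
    "plaintextKey": "rtn_sk_a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4a5b6c7d8",
    "permissions": ["manage_commerces", "view_activities"],
    "expiresAt": "2026-12-31T23:59:59.000Z",
}

if __name__ == "__main__":
    body = build_key_request("CI/CD Pipeline Key", ["view_activities"],
                             ["manage_commerces", "view_activities"])
    target = os.path.join(tempfile.mkdtemp(), "reten_api_key")
    print(body, store_key_once(SAMPLE_201, target))
```

Log or persist only the dictionary returned by store_key_once; keyPrefix is enough to identify the key later without exposing the secret.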