API ReferenceService Accounts
Create API Key
Generate a new API key for a service account with optional scoping and expiration.
Endpoint
POST /v1/service-accounts/{id}/keysBase URL: https://api-id.avnology.net
Authentication: API Key or OAuth token with admin:service-accounts:write scope
The full API key is only returned in this response. Store it securely -- it cannot be retrieved again.
Request
curl -X POST "https://api-id.avnology.net/v1/service-accounts/sa_3c2d1e0f/keys" \
-H
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Human-readable key name |
scopes | string[] | No | Limit key to specific scopes (empty = all scopes) |
expire_time | string | No | ISO 8601 expiration (null = never expires) |
Response
Success (201 Created)
{
"id": "key_def456",
"key": "ak_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6a7b8c9d0",
"prefix": "ak_live_a1b2...",
"name": "Production key",
"scopes": ["admin:users:read", "admin:users:write"],
"expire_time": "2027-04-08T00:00:00Z",
"active": true,
"create_time":
Important: The key field contains the full API key. This is the only time it will be shown. Store it in a secure secret manager.
Errors
| Status | Code | Description |
|---|---|---|
| 404 | AVNOLOGY_AUTH_901 | Service account not found |
| 400 | AVNOLOGY_AUTH_902 | Invalid scopes or expiration |
Related
- List API Keys -- list keys for a service account
- Rotate API Key -- rotate with grace period
- Revoke API Key -- immediately revoke
- SDK:
client.admin.createApiKey(serviceAccountId, { name, scopes })(TypeScript)