# post\_\_apikeys

## Request

**Endpoint**: `POST /apikeys`

Creates a new API key entry associated with a specific workspace, allowing it to be reused when provisioning storage units or AI models. This endpoint requires a valid session token.

### Request Body (CreateProviderApiKeyRequest)

| Field         | Type                | Required | Description                                                          |
| ------------- | ------------------- | -------- | -------------------------------------------------------------------- |
| `workspaceId` | string              | Yes      | The unique identifier of the workspace to link this API key to.      |
| `key`         | string              | Yes      | The public key, identifier, or email (depending on the provider).    |
| `secret`      | string              | Yes      | The private key or secret password. This is encrypted before saving. |
| `provider`    | string              | Yes      | The provider type enum (e.g., `AWS`, `GCP`, `AZURE`).                |
| `endpoint`    | string \| undefined | Optional | The custom endpoint URL (useful for S3-compatible endpoints).        |
| `region`      | string \| undefined | Optional | The specific geographical region for the provider.                   |

### Request Example

{% tabs %}
{% tab title="cURL" %}

```bash
curl -X POST "https://backend.flashback.tech/apikeys" \
  -H "Authorization: Bearer <your-session-token>" \
  -H "Content-Type: application/json" \
  -d '{
    "workspaceId": "workspace-uuid",
    "key": "YOUR_ACCESS_KEY",
    "secret": "YOUR_SECRET_KEY",
    "provider": "AWS",
    "endpoint": "s3.us-east-1.amazonaws.com",
    "region": "us-east-1"
  }'
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const response = await fetch("https://backend.flashback.tech/apikeys", {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer <your-session-token>',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    workspaceId: "workspace-uuid",
    key: "YOUR_ACCESS_KEY",
    secret: "YOUR_SECRET_KEY",
    provider: "AWS",
    endpoint: "s3.us-east-1.amazonaws.com",
    region: "us-east-1"
  })
});
const data = await response.json();
console.log(data);
```

{% endtab %}

{% tab title="Python" %}

```python
import requests

url = "https://backend.flashback.tech/apikeys"
headers = {
    "Authorization": "Bearer <your-session-token>",
    "Content-Type": "application/json"
}
payload = {
    "workspaceId": "workspace-uuid",
    "key": "YOUR_ACCESS_KEY",
    "secret": "YOUR_SECRET_KEY",
    "provider": "AWS",
    "endpoint": "s3.us-east-1.amazonaws.com",
    "region": "us-east-1"
}

response = requests.post(url, headers=headers, json=payload)
print(response.json())
```

{% endtab %}

{% tab title="Go" %}

```go
import (
	"bytes"
	"fmt"
	"io/ioutil"
	"net/http"
)

func main() {
	url := "https://backend.flashback.tech/apikeys"
	payload := []byte(`{
		"workspaceId": "workspace-uuid",
		"key": "YOUR_ACCESS_KEY",
		"secret": "YOUR_SECRET_KEY",
		"provider": "AWS",
		"endpoint": "s3.us-east-1.amazonaws.com",
		"region": "us-east-1"
	}`)

	req, _ := http.NewRequest("POST", url, bytes.NewBuffer(payload))
	req.Header.Add("Authorization", "Bearer <your-session-token>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)
	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(string(body))
}
```

{% endtab %}
{% endtabs %}

***

## Response

### Response Fields (CreateProviderApiKeyResponse)

| Field      | Type    | Description                                            |
| ---------- | ------- | ------------------------------------------------------ |
| `success`  | boolean | Indicates whether the request was successful (`true`). |
| `apiKeyId` | string  | The UUID of the newly created API key.                 |

### Response Example (201 Created)

```json
{
  "success": true,
  "apiKeyId": "a1b2c3d4-..."
}
```

***

## Error Responses

### 400 Bad Request

Returned when required inputs are missing, or an identical API key already exists in this workspace.

```json
{
  "success": false,
  "message": "Workspace ID is required" // or "API key with these credentials already exists"
}
```

### 401 Unauthorized

Returned when the session token is missing, invalid, or the user cannot be validated.

```json
{
  "success": false,
  "message": "User not found or not validated"
}
```

### 403 Forbidden

Returned when the user does not have permission to create API keys or write to buckets in the specified workspace.

```json
{
  "success": false,
  "message": "Insufficient permissions"
}
```

### 500 Internal Server Error

Returned when an unexpected server error occurs.

```json
{
  "success": false,
  "message": "Internal server error"
}
```