post__organization_{orgId}_key

POST /organization/{idOrg}/key

Generate Organization Key

Generate a new RSA key pair for organization authentication and node registration.

This endpoint creates a new RSA key pair (2048-bit) for the specified organization. The public key is stored securely in the database, while the private key is returned as a downloadable PEM file for immediate use by bridge nodes.

Key Features:

Generates 2048-bit RSA key pairs for secure authentication
Private key returned as downloadable PEM file
Public key stored securely in the database
Automatic key-node association for registered nodes
System event logging for audit trails

Access Control:

Requires ADMINISTRATOR or OWNER role within the organization
Users can only manage keys for their own organization
Maximum key limit enforced per organization (default: 5 keys)

Security:

Private keys are only returned once during generation
Public keys are stored encrypted in the database
All operations are logged for security auditing

Quota Limits:

Maximum keys per organization: 5 (configurable via ORGKEYS_MAX environment variable)
Returns 400 error when quota exceeded

TypeScript Client Library

public generateOrgKey = async (idOrg: string): Promise<string> => {
  return this.makeRequest<string>(`organization/${idOrg}/key`, 'POST');
};

Code Samples

# You can also use wget
curl -X POST https://backend.flashback.tech/organization/{idOrg}/key \
  -H 'Accept: application/x-pem-file' \
  -H 'Authorization: Bearer {access-token}' \
  --output private_key.pem

POST https://backend.flashback.tech/organization/{idOrg}/key HTTP/1.1
Host: localhost:3000
Accept: application/x-pem-file
Authorization: Bearer {access-token}

const headers = {
  'Accept':'application/x-pem-file',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/organization/{idOrg}/key',
{
  method: 'POST',
  headers: headers
})
.then(function(res) {
    return res.blob();
}).then(function(blob) {
    // Save the private key file
    const url = window.URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'private_key.pem';
    a.click();
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/x-pem-file',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://backend.flashback.tech/organization/{idOrg}/key',
  params: {
  }, headers: headers

# Save the private key to file
File.open('private_key.pem', 'w') { |f| f.write(result) }

import requests
headers = {
  'Accept': 'application/x-pem-file',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://backend.flashback.tech/organization/{idOrg}/key', headers = headers)

# Save the private key to file
with open('private_key.pem', 'w') as f:
    f.write(r.text)

<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/x-pem-file',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
    $response = $client->request('POST','https://backend.flashback.tech/organization/{idOrg}/key', array(
        'headers' => $headers,
       )
    );
    
    // Save the private key to file
    file_put_contents('private_key.pem', $response->getBody()->getContents());
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...

URL obj = new URL("https://backend.flashback.tech/organization/{idOrg}/key");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Accept", "application/x-pem-file");
con.setRequestProperty("Authorization", "Bearer {access-token}");

int responseCode = con.getResponseCode();
if (responseCode == HttpURLConnection.HTTP_OK) {
    BufferedReader in = new BufferedReader(
        new InputStreamReader(con.getInputStream()));
    String inputLine;
    StringBuffer response = new StringBuffer();
    while ((inputLine = in.readLine()) != null) {
        response.append(inputLine);
        response.append("\n");
    }
    in.close();
    
    // Save the private key to file
    Files.write(Paths.get("private_key.pem"), response.toString().getBytes());
}

package main

import (
       "bytes"
       "net/http"
       "io/ioutil"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/x-pem-file"},
        "Authorization": []string{"Bearer {access-token}"},
    }

    data := bytes.NewBuffer([]byte{})
    req, err := http.NewRequest("POST", "https://backend.flashback.tech/organization/{idOrg}/key", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    
    if err == nil {
        body, _ := ioutil.ReadAll(resp.Body)
        ioutil.WriteFile("private_key.pem", body, 0644)
    }
}

Parameters

Name

Type

Required

Description

idOrg

path

string

true

Organization ID for which to generate the key

Example responses

200 Response

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7VJTUt9Us8cKBwT1L6O5VfwlrP0xP2B5iZvr5Xq5BwL1K2Y3
...
-----END RSA PRIVATE KEY-----

400 Response

{
  "success": false,
  "message": "Maximum number of organization keys (5) has been reached. Please delete existing keys before creating new ones."
}

403 Response

{
  "success": false,
  "message": "Access denied: you can only manage keys for your own organization"
}

Responses

Status

Meaning

Description

Schema

200

Private key generated successfully (PEM format)

Inline

400

Bad Request

Quota exceeded or validation error

Inline

403

Forbidden

Insufficient permissions or access denied

Inline

500

Internal Server Error

Key generation failed

Inline

Response Schema

Status Code 200

Name

Type

Required

Restrictions

Description

Body

string

false

none

RSA private key in PEM format

Status Code 400

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Operation success status

» message

string

false

none

Error message describing the issue

Status Code 403

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Operation success status

» message

string

false

none

Error message describing the permission issue

Status Code 500

Name

Type

Required

Restrictions

Description

» success

boolean

false

none

Operation success status

» message

string

false

none

Error message describing the internal error

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth

Previousget__organization_{orgId}_key Nextdelete__organization_{orgId}_key

Last updated 23 days ago

Was this helpful?