# post\_\_organization\_{orgId}\_key

`POST /organization/{idOrg}/key`

*Generate Organization Key*

Generate a new RSA key pair for organization authentication and node registration.

This endpoint creates a new RSA key pair (2048-bit) for the specified organization. The public key is stored securely in the database, while the private key is returned as a downloadable PEM file for immediate use by bridge nodes.

**Key Features:**

* Generates 2048-bit RSA key pairs for secure authentication
* Private key returned as downloadable PEM file
* Public key stored securely in the database
* Automatic key-node association for registered nodes
* System event logging for audit trails

**Access Control:**

* Requires ADMINISTRATOR or OWNER role within the organization
* Users can only manage keys for their own organization
* Maximum key limit enforced per organization (default: 5 keys)

**Security:**

* Private keys are only returned once during generation
* Public keys are stored encrypted in the database
* All operations are logged for security auditing

**Quota Limits:**

* Maximum keys per organization: 5 (configurable via `ORGKEYS_MAX` environment variable)
* Returns 400 error when quota exceeded

#### TypeScript Client Library

```typescript
public generateOrgKey = async (idOrg: string): Promise<string> => {
  return this.makeRequest<string>(`organization/${idOrg}/key`, 'POST');
};
```

#### Code Samples

{% tabs %}
{% tab title="Shell" %}

```shell
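# You can also use wget
# umask 077 keeps the key file owner-only; --fail stops curl from saving an error body as the key
(umask 077 && curl --fail -X POST https://backend.flashback.tech/organization/{idOrg}/key \
  -H 'Accept: application/x-pem-file' \
  -H 'Authorization: Bearer {access-token}' \
  --output private_key.pem)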
```

{% endtab %}

{% tab title="HTTP" %}

```http
POST https://backend.flashback.tech/organization/{idOrg}/key HTTP/1.1
Host: backend.flashback.tech
Accept: application/x-pem-file
Authorization: Bearer {access-token}
```

{% endtab %}

{% tab title="JavaScript" %}

```javascript
const headers = {
  'Accept':'application/x-pem-file',
  'Authorization':'Bearer {access-token}'
};

fetch('https://backend.flashback.tech/organization/{idOrg}/key',
{
  method: 'POST',
  headers: headers
})
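.then(function(res) {
    // 400/403/500 responses are JSON errors, not a key
    if (!res.ok) {
        throw new Error('Key generation failed: HTTP ' + res.status);
    }
    return res.blob();
}).then(function(blob) {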
    // Save the private key file
    const url = window.URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'private_key.pem';
    a.click();
});
```

{% endtab %}

{% tab title="Ruby" %}

```ruby
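require 'rest-client'

headers = {
  'Accept' => 'application/x-pem-file',
  'Authorization' => 'Bearer {access-token}'
}

# RestClient.post takes (url, payload, headers); this request has no body.
# Non-2xx responses raise an exception, so an error body is never saved as the key.
result = RestClient.post 'https://backend.flashback.tech/organization/{idOrg}/key',
  {}, headers

# Save the private key to a file only the owner can read (mode 0600)
File.open('private_key.pem', 'w', 0600) { |f| f.write(result.body) }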
```

{% endtab %}

{% tab title="Python" %}

```python
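import os
import requests
headers = {
  'Accept': 'application/x-pem-file',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://backend.flashback.tech/organization/{idOrg}/key', headers = headers)
# Stop on 400/403/500 so an error body is never saved as the key
r.raise_for_status()

# Save the private key to a file only the owner can read (mode 0600)
fd = os.open('private_key.pem', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, 'w') as f:
    f.write(r.text)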
```

{% endtab %}

{% tab title="PHP" %}

```php
<?php

require 'vendor/autoload.php';

$headers = array(
    'Accept' => 'application/x-pem-file',
    'Authorization' => 'Bearer {access-token}',
);

$client = new \GuzzleHttp\Client();

try {
    $response = $client->request('POST','https://backend.flashback.tech/organization/{idOrg}/key', array(
        'headers' => $headers,
       )
    );
    
    // Save the private key to a file only the owner can read (mode 0600)
    $oldUmask = umask(0077);
    file_put_contents('private_key.pem', $response->getBody()->getContents());
    umask($oldUmask);
 }
 catch (\GuzzleHttp\Exception\BadResponseException $e) {
    // handle exception or api errors.
    print_r($e->getMessage());
 }

 // ...
```

{% endtab %}

{% tab title="Java" %}

```java
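import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;

public class GenerateOrgKey {
    public static void main(String[] args) throws Exception {
        URL obj = new URL("https://backend.flashback.tech/organization/{idOrg}/key");
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();
        con.setRequestMethod("POST");
        con.setRequestProperty("Accept", "application/x-pem-file");
        con.setRequestProperty("Authorization", "Bearer {access-token}");

        // Only a 200 response carries the key; error responses are JSON
        int responseCode = con.getResponseCode();
        if (responseCode == HttpURLConnection.HTTP_OK) {
            // Create the file owner-only (POSIX file systems) before writing the key.
            // createFile fails if the file exists, so an earlier key is not overwritten.
            Path out = Paths.get("private_key.pem");
            Files.createFile(out, PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rw-------")));
            try (InputStream in = con.getInputStream()) {
                // Save the private key to file
                Files.write(out, in.readAllBytes());
            }
        }
    }
}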
```

{% endtab %}

{% tab title="Go" %}

```go
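package main

import (
	"io"
	"log"
	"net/http"
	"os"
)

func main() {

	req, err := http.NewRequest("POST", "https://backend.flashback.tech/organization/{idOrg}/key", nil)
	if err != nil {
		log.Fatal(err)
	}
	req.Header.Set("Accept", "application/x-pem-file")
	req.Header.Set("Authorization", "Bearer {access-token}")

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		log.Fatal(err)
	}
	defer resp.Body.Close()

	// Only a 200 response carries the key; error responses are JSON
	if resp.StatusCode != http.StatusOK {
		log.Fatalf("key generation failed: %s", resp.Status)
	}
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		log.Fatal(err)
	}
	// 0600: the private key file must be readable by its owner only
	if err := os.WriteFile("private_key.pem", body, 0600); err != nil {
		log.Fatal(err)
	}
}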
```

{% endtab %}
{% endtabs %}

#### Parameters <a href="#post__organization_-orgid-_key-parameters" id="post__organization_-orgid-_key-parameters"></a>

| Name  | In   | Type   | Required | Description                                   |
| ----- | ---- | ------ | -------- | --------------------------------------------- |
| idOrg | path | string | true     | Organization ID for which to generate the key |

> Example responses

> 200 Response

```
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA7VJTUt9Us8cKBwT1L6O5VfwlrP0xP2B5iZvr5Xq5BwL1K2Y3
...
-----END RSA PRIVATE KEY-----
```

> 400 Response

```json
{
  "success": false,
  "message": "Maximum number of organization keys (5) has been reached. Please delete existing keys before creating new ones."
}
```

> 403 Response

```json
{
  "success": false,
  "message": "Access denied: you can only manage keys for your own organization"
}
```

#### Responses <a href="#post__organization_-orgid-_key-responses" id="post__organization_-orgid-_key-responses"></a>

| Status | Meaning                                                                    | Description                                     | Schema |
| ------ | -------------------------------------------------------------------------- | ----------------------------------------------- | ------ |
| 200    | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1)                    | Private key generated successfully (PEM format) | Inline |
| 400    | [Bad Request](https://tools.ietf.org/html/rfc7231#section-6.5.1)           | Quota exceeded or validation error              | Inline |
| 403    | [Forbidden](https://tools.ietf.org/html/rfc7231#section-6.5.3)             | Insufficient permissions or access denied       | Inline |
| 500    | [Internal Server Error](https://tools.ietf.org/html/rfc7231#section-6.6.1) | Key generation failed                           | Inline |
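
Added example (not part of the Flashback documentation or client library): one way a client could handle the responses in the table above, given that the private key is returned only once. It assumes the caller already holds the status code and raw response body; `store_org_key`, `KeyGenerationError` and `SAMPLE_PEM` are hypothetical names, and the sample body is constructed placeholder bytes, not a real key.

```python
import base64
import json
import os
import re
import tempfile

PEM_RE = re.compile(rb"-----BEGIN RSA PRIVATE KEY-----\s+([A-Za-z0-9+/=\s]+)"
                    rb"-----END RSA PRIVATE KEY-----")

# Constructed sample body: PEM framing around placeholder DER bytes, not a real key.
SAMPLE_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.encodebytes(b"\x30\x82\x04\xa4" + bytes(44))
              + b"-----END RSA PRIVATE KEY-----\n")


class KeyGenerationError(Exception):
    """The response did not contain a usable private key."""


def store_org_key(status, body, path):
    """Validate a key-generation response (status code, raw bytes) and save it to path."""
    if status != 200:
        # 400/403/500 responses carry JSON: {"success": false, "message": "..."}
        try:
            message = json.loads(body)["message"]
        except (ValueError, KeyError, TypeError):
            message = "unparseable error body"
        raise KeyGenerationError(f"HTTP {status}: {message}")

    # Check PEM framing and that the payload decodes to an ASN.1 SEQUENCE (0x30).
    match = PEM_RE.fullmatch(body.strip())
    try:
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True) if match else b""
    except ValueError:
        der = b""
    if not der.startswith(b"\x30"):
        raise KeyGenerationError("HTTP 200 but body is not a PEM RSA private key")

    # mkstemp creates the file with mode 0600; os.replace then moves it into place
    # atomically, so the key is never world-readable or half-written at `path`.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(body)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return path
```

With `requests`, the call would be `store_org_key(r.status_code, r.content, "private_key.pem")`.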

#### Response Schema <a href="#post__organization_-orgid-_key-responseschema" id="post__organization_-orgid-_key-responseschema"></a>

Status Code **200**

| Name | Type   | Required | Restrictions | Description                   |
| ---- | ------ | -------- | ------------ | ----------------------------- |
| Body | string | false    | none         | RSA private key in PEM format |

Status Code **400**

| Name      | Type    | Required | Restrictions | Description                        |
| --------- | ------- | -------- | ------------ | ---------------------------------- |
| » success | boolean | false    | none         | Operation success status           |
| » message | string  | false    | none         | Error message describing the issue |

Status Code **403**

| Name      | Type    | Required | Restrictions | Description                                   |
| --------- | ------- | -------- | ------------ | --------------------------------------------- |
| » success | boolean | false    | none         | Operation success status                      |
| » message | string  | false    | none         | Error message describing the permission issue |

Status Code **500**

| Name      | Type    | Required | Restrictions | Description                                 |
| --------- | ------- | -------- | ------------ | ------------------------------------------- |
| » success | boolean | false    | none         | Operation success status                    |
| » message | string  | false    | none         | Error message describing the internal error |

To perform this operation, you must be authenticated by means of one of the following methods: BearerAuth


