> ## Documentation Index > Fetch the complete documentation index at: https://docs.sdk.anghami.com/llms.txt > Use this file to discover all available pages before exploring further. # CreateApiKey > CreateApiKey creates a new API key with the specified name and scopes. Returns the full key secret once — it cannot be retrieved again. ## OpenAPI ````yaml /api/anghami-sdk.openapi.yaml post /v1/developer/keys openapi: 3.1.0 info: title: Anghami + OSN+ SDK description: >- Unified OpenAPI bundle covering all Anghami + OSN+ SDK services (music + video streaming). contact: name: Anghami Developer Platform email: developers@anghami.com version: 1.0.0 servers: - url: https://sdk.anghami.com security: [] paths: /v1/developer/keys: post: tags: - DeveloperService summary: CreateApiKey description: |- CreateApiKey creates a new API key with the specified name and scopes. Returns the full key secret once — it cannot be retrieved again. operationId: CreateApiKey parameters: - name: Authorization in: header description: >- OAuth 2.0 Bearer token. Required for all key management operations. Format: Bearer . required: true schema: type: string example: Bearer eyJhbGciOiJSUzI1NiIs... requestBody: content: application/json: schema: $ref: '#/components/schemas/sdk_developer_v1_CreateApiKeyRequest' required: true responses: '200': description: Successful response content: application/json: schema: $ref: '#/components/schemas/sdk_developer_v1_CreateApiKeyResponse' '400': description: Validation error content: application/json: schema: $ref: '#/components/schemas/ValidationError' default: description: Error response content: application/json: schema: $ref: '#/components/schemas/Error' components: schemas: sdk_developer_v1_CreateApiKeyRequest: type: object properties: name: type: string maxLength: 100 minLength: 1 description: Developer-assigned label for the key (e.g. "Production", "Staging"). scopes: type: array items: type: string minItems: 1 description: |- Permission scopes to grant to this key (e.g. "read", "stream"). At least one scope is required. minItems: 1 required: - name description: CreateApiKeyRequest is the request message for creating a new API key. sdk_developer_v1_CreateApiKeyResponse: type: object properties: apiKey: $ref: '#/components/schemas/sdk_developer_v1_ApiKey' secret: type: string description: >- The full API key secret. This is the value to pass in the x-api-key header. Store it securely — it is only returned on creation and rotation. description: >- CreateApiKeyResponse is the response message containing the newly created API key. This is the only time the full secret is returned. ValidationError: type: object properties: violations: type: array items: $ref: '#/components/schemas/FieldViolation' description: List of validation violations required: - violations description: >- ValidationError is returned when request validation fails. It contains a list of field violations describing what went wrong. Error: type: object properties: message: type: string description: Error message (e.g., 'user not found', 'database connection failed') description: >- Error is returned when a handler encounters an error. It contains a simple error message that the developer can customize. sdk_developer_v1_ApiKey: type: object properties: id: type: string description: Unique identifier for the API key. name: type: string description: >- Developer-assigned label for identification (e.g. "Production", "Staging"). keyPrefix: type: string description: |- Visible prefix for identification (e.g. "ang_live_abc"). The full key is never returned after initial creation. status: type: string enum: - API_KEY_STATUS_UNSPECIFIED - API_KEY_STATUS_ACTIVE - API_KEY_STATUS_REVOKED description: ApiKeyStatus represents the lifecycle state of an API key. scopes: type: array items: type: string description: >- Granted permission scopes for this key. Valid values: "read", "stream". createdAt: type: string description: ISO 8601 timestamp of when the key was created. lastUsedAt: type: string description: |- ISO 8601 timestamp of when the key was last used for authentication. Empty if the key has never been used. expiresAt: type: string description: |- ISO 8601 timestamp of when the key expires. Empty if the key does not expire. description: >- ApiKey represents a developer API key used for server-to-server authentication. API keys are passed in the x-api-key HTTP header and are billed per key. The full secret is only returned on creation and rotation. FieldViolation: type: object properties: field: type: string description: >- The field path that failed validation (e.g., 'user.email' for nested fields). For header validation, this will be the header name (e.g., 'X-API-Key') description: type: string description: >- Human-readable description of the validation violation (e.g., 'must be a valid email address', 'required field missing') required: - field - description description: FieldViolation describes a single validation error for a specific field. ````