Create a new API key
Creates a new API key record and returns a one-time plaintext credential (`ath_{public}.{secret}`). Persist the returned secret securely; it is not retrievable later from the API.
Header Parameters
The static admin key configured as ATHENA_KEY_12. Authorization headers (Bearer <key>), X-API-Key, X-Athena-Key, or ?api_key= are also accepted.
Request Body
application/json
date-timeWhen true, the key starts with no per-key whitelist/blacklist and learns caller IPs until virgin_until_n_requests or max_whitelist_ips distinct IPs is reached, whichever comes first.
Lock the key after this many successful authentications; 0 disables the request counter and lets max_whitelist_ips drive lock-in.
0 <= valueHard cap on the per-key whitelist; 0 means unlimited.
0 <= valueInitial per-key IP/CIDR whitelist entries. Ignored when virgin_mode is true.
Initial per-key IP/CIDR blacklist entries. Ignored when virgin_mode is true.
Response Body
application/json
application/json
curl -X POST "https://athena-cluster.com/admin/api-keys" \ -H "apikey: string" \ -H "Content-Type: application/json" \ -d '{ "name": "gateway-readonly", "description": "Read-only key for dashboard fetch operations", "client_name": "athena_logging", "rights": [ "gateway.fetch.execute", "gateway.query.execute" ] }'{
"api_key": "ath_abcd1234efgh5678.secretfragment",
"record": {
"id": "f5c4dfb5-3318-4577-a0c3-ea03fc06f942",
"public_id": "abcd1234efgh5678",
"name": "gateway-readonly",
"description": "Read-only key for dashboard fetch operations",
"client_name": "athena_logging",
"is_active": true,
"rights": [
"gateway.fetch.execute",
"gateway.query.execute"
]
}
}{
"status": "error",
"message": "string",
"error": "string"
}