POST
https://api.craftkit.dev/v1/projects/{id}/keysck_live_…) for a project owned by the authenticated account. This
is the programmatic bridge from your one account key into the existing per-project API — the
minted key authenticates every endpoint documented under
Templates, Renders, and
Signatures for that project, exactly like a key minted from the
dashboard’s Project → API keys page.
Authorization
Bearer ck_acct_… — must own the target project.Path
The project id (UUID) to mint a key for.
Body
The body itself is optional — an empty/omitted body mints a key namedAPI key.
A label for the key (1–200 chars), e.g.
Render service (prod). Shown in the dashboard so you can
tell keys apart when revoking. Defaults to "API key" when omitted.Response
201:
UUID of the new key row.
Echoes the path
id — the project this key is scoped to.Echoed back (or the
"API key" default).Public-facing prefix (e.g.
ck_live_aBcDe) — safe to display in a UI after creation.The plaintext project key. Shown exactly once — only its SHA-256 hash is stored, so store it
immediately (secret manager or env var). If you lose it, mint a new one and revoke this one.
Errors
| Status | code | Meaning |
|---|---|---|
| 400 | invalid_json | Body is not valid JSON. |
| 400 | invalid_request | name present but empty or over 200 chars. |
| 401 | unauthorized | Missing, invalid, or wrong-type (ck_live_…) bearer token. |
| 404 | not_found | No such project owned by this account — a key is never minted for a project you don’t own. |
cURL
201