> ## Documentation Index
> Fetch the complete documentation index at: https://docs.craftkit.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Mint a project API key

> POST /v1/projects/:id/keys — mint a ck_live_ project key for a project owned by your account.

<Info>**POST** `https://api.craftkit.dev/v1/projects/{id}/keys`</Info>

Mint a new **project** API key (`ck_live_…`) for a project owned by the authenticated account. This
is the programmatic bridge from your one account key into the existing per-project API — the
minted key authenticates every endpoint documented under
[Templates](/api-reference/create-template), [Renders](/api-reference/get-render), and
[Signatures](/api-reference/create-signature) for that project, exactly like a key minted from the
dashboard's **Project → API keys** page.

<Warning>
  This endpoint mints **only** `ck_live_…` project keys — never an account key (`ck_acct_…`). The
  account key itself is issued only from the dashboard (**Account → API keys**); there is no
  endpoint that mints one. See [Account-key auth](/guides/account-api).
</Warning>

## Authorization

<ParamField header="Authorization" type="string" required>
  `Bearer ck_acct_…` — must own the target project.
</ParamField>

## Path

<ParamField path="id" type="string" required>The project id (UUID) to mint a key for.</ParamField>

## Body

The body itself is optional — an empty/omitted body mints a key named `API key`.

<ParamField body="name" type="string">
  A label for the key (1–200 chars), e.g. `Render service (prod)`. Shown in the dashboard so you can
  tell keys apart when revoking. Defaults to `"API key"` when omitted.
</ParamField>

## Response

`201`:

<ResponseField name="id" type="string">UUID of the new key row.</ResponseField>
<ResponseField name="projectId" type="string">Echoes the path `id` — the project this key is scoped to.</ResponseField>
<ResponseField name="name" type="string">Echoed back (or the `"API key"` default).</ResponseField>

<ResponseField name="prefix" type="string">
  Public-facing prefix (e.g. `ck_live_aBcDe`) — safe to display in a UI after creation.
</ResponseField>

<ResponseField name="key" type="string">
  The plaintext project key. **Shown exactly once** — only its SHA-256 hash is stored, so store it
  immediately (secret manager or env var). If you lose it, mint a new one and revoke this one.
</ResponseField>

<ResponseField name="createdAt" type="string" />

## Errors

| Status | code              | Meaning                                                                                    |
| ------ | ----------------- | ------------------------------------------------------------------------------------------ |
| 400    | `invalid_json`    | Body is not valid JSON.                                                                    |
| 400    | `invalid_request` | `name` present but empty or over 200 chars.                                                |
| 401    | `unauthorized`    | Missing, invalid, or wrong-type (`ck_live_…`) bearer token.                                |
| 404    | `not_found`       | No such project owned by this account — a key is never minted for a project you don't own. |

```bash cURL theme={null}
curl -X POST https://api.craftkit.dev/v1/projects/3f9b6c2e-1a2b-4c3d-9e8f-7a6b5c4d3e2f/keys \
  -H "Authorization: Bearer $CRAFTKIT_ACCOUNT_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "name": "Render service (prod)" }'
```

```json 201 theme={null}
{
  "id": "9c8b7a6d-5e4f-3a2b-1c0d-9e8f7a6b5c4d",
  "projectId": "3f9b6c2e-1a2b-4c3d-9e8f-7a6b5c4d3e2f",
  "name": "Render service (prod)",
  "prefix": "ck_live_aBcDe",
  "key": "ck_live_aBcDeFgHiJkLmNoPqRsTuVwXyZ012345",
  "createdAt": "2026-07-02T00:00:00.000Z"
}
```

<Tip>
  For a per-customer multi-tenant integration: create one project per customer
  ([`POST /v1/projects`](/api-reference/create-project)), mint one project key here, cache it against
  that customer, and use the cached `ck_live_…` key for every render/sign call for them from then on.
  See [Account-key auth](/guides/account-api) for the full pattern.
</Tip>
