Skip to main content
You can create API keys from the dashboard (required for your first key) or programmatically via the API for additional keys.

Create via Dashboard

1

Open API Keys

In the dashboard, open the profile icon (top right), then select API Keys from the dropdown.
Profile icon (top right) with dropdown open; select API Keys to open the API Keys page.
2

Click Create API Key

Click the + Create API Key button to open the creation form.
API Keys page with keys table; click + Create API Key to open the creation form.
3

Fill in the form

The creation modal has the following fields:
  • Name (required) — A label for the key, e.g. “CI pipeline” or “Backend service”.
  • Expiration (optional) — Toggle on and pick a date if you want the key to expire automatically.
  • IP Restrictions (optional) — Add one or more IP addresses or CIDR ranges. When set, only requests from these IPs can use the key.
  • Subaccount Access (optional) — Select specific subaccounts the key can access. Leave empty to allow access to all subaccounts.
  • Permissions (required) — Select which actions the key can perform. Permissions are grouped into Account Management (manage API keys themselves) and Product (datacenter, residential, etc.). Use the bulk buttons (“Read All”, “Write All”, “Delete All”) to quickly assign permissions across products.
See Permissions for details on permission types, the permission reference for the full list of permissions, and Scopes and restrictions for more on restrictions.
Create New API Key modal: name, expiration, IP restrictions, subaccount access, and account management permissions.
4

Copy your token

After clicking Create, the dashboard displays your new API key token. This is the only time the full token is shown — copy it and store it securely.
One-time token display after key creation
The full token is shown only once at creation. If you lose it, you will need to regenerate the key to get a new secret.

Create via API

For automation and scripting, you can create keys programmatically. This requires an existing API key with account:apikeys:create permission. POST /v4/account/api-keys

Request body

FieldTypeRequiredDescription
namestringYesA label for the key (e.g. “CI pipeline”, “Backend service”).
permissionsarray of stringsYesList of permission identifiers (e.g. datacenter_shared:read, account:apikeys:read).
allowed_subaccountsarray of stringsNoSubaccount IDs this key can act on. Empty or omitted = all subaccounts the creator can access.
allowed_ipsarray of stringsNoAllowed client IPs (single IP or CIDR). Omitted = no IP restriction.
expires_atinteger (Unix timestamp) or nullNoWhen the key expires. Must be in the future. Omit or null for no expiry.
You can only assign permissions that your own key or session is allowed. Use GET /v4/account/api-keys/allowed-permissions to see which permissions you can grant.

Response

On success, the response includes the new API key object. The full token (secret) is returned only once at creation. Store it securely; you cannot retrieve it again. To get a new secret, use the regenerate endpoint.

Permissions

How permissions are formatted and how allowed permissions are determined.

Permission reference

Full list of product and account API key permissions.