Skip to main content
POST
/
api
/
v1
/
api-keys
Create Api Key
curl --request POST \
  --url https://roughy-api-staging.fly.dev/api/v1/api-keys \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "production-deploy"
}
'
{
  "created_at": "2026-04-22T11:08:42.193000Z",
  "id": "019de7e0-a858-7ee3-9613-629b3a2618e9",
  "name": "production-deploy",
  "plaintext": "rk_live_aB3xK9mN_REPLACE_WITH_REAL_KEY_AFTER_MINT",
  "prefix": "rk_live_aB3xK9mN"
}

Documentation Index

Fetch the complete documentation index at: https://docs.roughy.ai/llms.txt

Use this file to discover all available pages before exploring further.

Authorizations

Authorization
string
header
required

Either your Supabase session JWT (UI flows) or an API key minted via POST /api-keys (programmatic flows). Pass it as Authorization: Bearer <token>. The server inspects the token format and routes to JWT or API-key verification automatically.

Body

application/json

Body of POST /api-keys.

name
string
required

User-chosen label for the key (e.g. 'production-deploy', 'ci-runner'). Stored verbatim and shown in the dashboard alongside the prefix.

Required string length: 1 - 120

Response

Successful Response

Response to POST /api-keys. Adds the one-shot plaintext field.

id
string<uuid>
required
name
string
required
prefix
string
required
created_at
string<date-time>
required
last_used_at
string<date-time> | null
required
revoked_at
string<date-time> | null
required
plaintext
string
required

The full API key. This is the only time you will see the plaintext value -- once this response is dismissed, only the prefix is recoverable. Save it to a secure location (password manager, secret store) before continuing.