> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create API access key

> Creates a new API access key credential in the current organization. The secret access key value is returned only once.



## OpenAPI

````yaml /api-reference/openapi-public.json post /access-keys
openapi: 3.0.0
info:
  title: Living Security Public API
  description: >-
    Curated, versioned API for Living Security customer integrations.
    Authenticate by exchanging a Living Security API access key for a
    short-lived bearer access token.
  version: 1.0.0
  contact: {}
servers:
  - url: https://api.us-east-1.livingsecurity.ai/api/v1
    description: US production
  - url: https://api.eu-west-1.livingsecurity.ai/api/v1
    description: EU production
  - url: /api/v1
    description: Current origin
security: []
tags: []
paths:
  /access-keys:
    post:
      tags:
        - Access Keys
      summary: Create API access key
      description: >-
        Creates a new API access key credential in the current organization. The
        secret access key value is returned only once.
      operationId: AccessKeys.create
      parameters:
        - name: x-organization-id
          in: header
          description: Organization context for multi-tenant operations
          required: true
          schema:
            type: string
            format: uuid
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/CreateAccessKeyDto'
      responses:
        '201':
          description: ''
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/CreateAccessKeyResponseDto'
      security:
        - bearerAuth: []
components:
  schemas:
    CreateAccessKeyDto:
      type: object
      properties:
        name:
          type: string
          description: >-
            Human-readable name for the API access key credential, usually the
            owning integration or automation
          example: SIEM Export Integration
          maxLength: 255
          minLength: 1
        expiresAt:
          type: string
          description: >-
            Optional expiration timestamp for the API access key credential in
            ISO 8601 format. Omit for no scheduled expiration.
          example: '2027-01-01T00:00:00Z'
          nullable: true
        keyType:
          type: string
          description: >-
            Credential type. user_bound keys are associated with the creating
            user's identity; service_account keys are intended for non-human
            service integrations.
          enum:
            - user_bound
            - service_account
          default: user_bound
          nullable: true
        scopes:
          type: array
          description: >-
            Permission scopes for the API access key credential. Defaults to
            ["*"] (full access). Use "push-ingest:*" to restrict the credential
            to push data ingestion only.
          default:
            - '*'
          items:
            type: string
            enum:
              - '*'
              - push-ingest:*
      required:
        - name
    CreateAccessKeyResponseDto:
      type: object
      properties:
        id:
          type: string
          description: Stable API access key identifier
        name:
          type: string
          description: >-
            Human-readable name for the API access key credential, usually the
            owning integration or automation
        keyType:
          type: string
          description: >-
            Credential type for the API access key. user_bound keys are
            associated with the creating user's identity; service_account keys
            are intended for non-human service integrations.
          enum:
            - user_bound
            - service_account
        boundEmail:
          type: string
          description: >-
            Email address associated with the API access key credential when the
            credential is user-bound
        status:
          type: string
          description: API access key status
          enum:
            - active
            - revoked
        lastUsedAt:
          type: string
          description: Last time the API access key was used
          format: date-time
          nullable: true
        expiresAt:
          type: string
          description: Expiration timestamp for the API access key credential
          format: date-time
          nullable: true
        createdAt:
          type: string
          description: Timestamp when the API access key credential was created
          format: date-time
        createdByUserId:
          type: string
          description: Identifier of the user who created this API access key
        scopes:
          description: Permission scopes assigned to this API access key
          example:
            - '*'
          type: array
          items:
            type: string
        secret:
          type: string
          description: >-
            One-time secret access key value. Store it immediately; it cannot be
            retrieved after creation or rotation.
      required:
        - id
        - name
        - keyType
        - boundEmail
        - status
        - createdAt
        - createdByUserId
        - scopes
        - secret
  securitySchemes:
    bearerAuth:
      scheme: bearer
      bearerFormat: access-token
      type: http
      description: >-
        Short-lived bearer access token issued for a Living Security API access
        key. Send as Authorization: Bearer <token>.

````