Skip to main content
POST
/
v1
/
api-keys
Create API Key
curl --request POST \
  --url https://api.example.com/v1/api-keys \
  --header 'Content-Type: application/json' \
  --data '
{
  "name": "<string>",
  "permissions": [
    {}
  ],
  "description": "<string>",
  "rate_limit_tier": "<string>",
  "expires_at": "<string>"
}
'
{
  "data": {
    "id": "<string>",
    "key": "<string>",
    "prefix": "<string>",
    "name": "<string>",
    "description": "<string>",
    "permissions": [
      {}
    ],
    "rate_limit_tier": "<string>",
    "expires_at": "<string>",
    "created_at": "<string>"
  }
}
The plaintext key is returned exactly once, in the response to this call. Store it immediately in a secure secret manager - it cannot be retrieved later. If it is lost, revoke the key and create a new one.

Request

Headers

Authorization: Bearer wbk_your_api_key_here
Content-Type: application/json
Idempotency-Key
string
Strongly recommended. Same key returns the original result (including the plaintext secret) within 24 hours.

Body Parameters

name
string
required
Human-readable key name. 1 - 120 characters.
permissions
array
required
Array of scope strings. At least one is required. Examples: read:contacts, write:contacts, read:deals, write:deals, write:email, write:ai, admin:api_keys, admin:webhooks.
description
string
Optional description explaining the intended use of the key.
rate_limit_tier
string
Optional override: standard (default), high, or unmetered. unmetered is only available on enterprise plans.
expires_at
string
Optional ISO 8601 expiry timestamp. After this time, requests with the key return 401 invalid_key.

Response

data
object
Responses include X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, and X-Request-ID. 
curl -X POST \
  https://data.leadlex.com/functions/v1/api-gateway/v1/api-keys \
  -H "Authorization: Bearer wbk_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Ingestion worker",
    "permissions": ["read:contacts", "write:contacts"],
    "description": "Used by the nightly ingestion job"
  }'

Example Response

{
  "data": {
    "id": "key_02HY2",
    "key": "wbk_live_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
    "prefix": "wbk_live",
    "name": "Ingestion worker",
    "description": "Used by the nightly ingestion job",
    "permissions": ["read:contacts", "write:contacts"],
    "rate_limit_tier": "standard",
    "expires_at": null,
    "created_at": "2026-04-17T11:20:00Z"
  }
}

Errors

StatusCodeDescription
400validation_errorMissing required fields or unknown permission scope
401invalid_keyInvalid or expired API key
403insufficient_permissionsMissing admin:api_keys permission
409duplicate_nameKey name already in use (active keys only)
429rate_limitedRate limit exceeded