Skip to main content
POST
/
api
/
apikey
/
generate
curl -X POST 'https://crypto-api.yativo.com/api/apikey/generate' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Production Backend",
    "permissions": ["transactions:read", "transactions:write", "accounts:read"]
  }'

{
  "success": true,
  "message": "API key generated successfully",
  "warning": "Save the API Secret securely. It will not be shown again!",
  "data": {
    "api_key": "yativo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "api_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "key_name": "Production API Key",
    "scopes": ["read", "write", "transactions"],
    "expires_at": null,
    "rate_limit": {
      "requests_per_minute": 60,
      "requests_per_hour": 3000,
      "requests_per_day": 50000
    },
    "token_expiry_minutes": 60
  }
}
Authorization
string
required
Bearer token: Bearer YOUR_ACCESS_TOKEN
name
string
required
A human-readable label for this key (e.g. "Production Backend", "Staging Integration").
permissions
array
List of permission scopes. Omit to grant all scopes. Available values: transactions:read, transactions:write, accounts:read, accounts:write, webhooks:manage, analytics:read
expires_at
string
Optional expiry timestamp (ISO 8601). The key will be automatically revoked after this time.
The api_secret is returned only once at creation. Store it securely — it cannot be retrieved again. If lost, revoke the key and create a new one.
Using your API key: After generating a key, call POST /auth/token with your api_key and api_secret to generate a Bearer token. Bearer tokens expire in 60 minutes — refresh as needed. API keys themselves never expire unless you set expires_at at creation time.
interface CreateApiKeyRequest {
  name: string;
  permissions?: string[];
  expires_at?: string;
}

interface CreateApiKeyResponse {
  status: "success";
  data: {
    key_id: string;
    api_key: string;     // Public key — safe to reference in logs
    api_secret: string;  // Secret — shown ONCE, store securely
    name: string;
    permissions: string[];
    expires_at: string | null;
    created_at: string;
  };
}

curl -X POST 'https://crypto-api.yativo.com/api/apikey/generate' \
  -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' \
  -H 'Content-Type: application/json' \
  -d '{
    "name": "Production Backend",
    "permissions": ["transactions:read", "transactions:write", "accounts:read"]
  }'

{
  "success": true,
  "message": "API key generated successfully",
  "warning": "Save the API Secret securely. It will not be shown again!",
  "data": {
    "api_key": "yativo_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "api_secret": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "key_name": "Production API Key",
    "scopes": ["read", "write", "transactions"],
    "expires_at": null,
    "rate_limit": {
      "requests_per_minute": 60,
      "requests_per_hour": 3000,
      "requests_per_day": 50000
    },
    "token_expiry_minutes": 60
  }
}